PROFESSIONAL-CLOUD-DEVELOPER · Question #351
You are a developer of a new customer-facing help desk chat service that is built on Cloud Run. Your customers use the chat option on your website to get support. The application saves each transcript
The correct answer is D. Create a signed URL for each text file that expires after 2 hours.. Signed URLs are the Google-recommended approach for providing temporary, secure, time-limited access to Cloud Storage objects. By generating a signed URL that expires after exactly 2 hours, the application grants the customer access to their specific transcript without exposing o
Question
You are a developer of a new customer-facing help desk chat service that is built on Cloud Run. Your customers use the chat option on your website to get support. The application saves each transcript as a text file with a unique identifier in a Cloud Storage bucket. After the conversation is done and before the chat window is closed, the customer receives a link to the chat transcript. You want to provide access to the chat transcript link for 2 hours. You need to configure this access using an approach that prioritizes security and follows Google-recommended practices. What should you do?
Options
- ASet the ACL permission on the Cloud Storage bucket. Set the permission of each text file to
- BSet the permission on the Cloud Storage bucket with the text files to allUsers. Delete each text file
- CCreate a new Cloud Storage bucket for each user. Grant the user access to the bucket with a
- DCreate a signed URL for each text file that expires after 2 hours.
How the community answered
(20 responses)- A5% (1)
- B5% (1)
- C10% (2)
- D80% (16)
Explanation
Signed URLs are the Google-recommended approach for providing temporary, secure, time-limited access to Cloud Storage objects. By generating a signed URL that expires after exactly 2 hours, the application grants the customer access to their specific transcript without exposing other files or requiring the customer to have a Google account. The URL becomes invalid automatically after expiry. Option B (allUsers permission) makes files publicly accessible to anyone on the internet - a major security violation. Option A (ACL permissions on individual files) grants persistent access with no automatic expiry. Option C (creating a separate bucket per user) is operationally complex, does not enforce time-limited access natively, and is not aligned with Google's recommended practices for this use case.
Topics
Community Discussion
No community discussion yet for this question.