PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #228: Real Exam Question with Answer & Explanation

Question

Your organization recently activated the Security Command Center (SCC) standard tier. There are a few Cloud Storage buckets that were accidentally made accessible to the public. You need to investigate the impact of the incident and remediate it. What should you do?

Options

• A1. Remove the Identity and Access Management (IAM) granting access to all Users from the
• B1. Change permissions to limit access for authorized users.
• C1. Change the bucket permissions to limit access.
• D1. Change bucket permissions to limit access.

Explanation

When SCC detects publicly accessible Cloud Storage buckets, the correct remediation sequence is: (1) change the bucket's IAM permissions or uniform bucket-level access settings to remove 'allUsers' and 'allAuthenticatedUsers' principals, limiting access to only authorized identities; then (2) use SCC's findings and Cloud Audit Logs / Data Access logs to investigate what data may have been accessed during the exposure window. Option C matches this two-step pattern - fix first to stop the bleeding, then investigate impact. Option A references removing IAM granting access 'to all Users' but is incomplete as shown. Options B and D are variations that either skip investigation or reverse the remediation-before-investigation order. Restricting access before investigating is correct because it stops ongoing exposure immediately.

No community discussion yet for this question.