Google
PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #309
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #309: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to reveal the answer and full explanation for question #309. The question stem and answer options stay visible for context.
Submitted by ricky.ec· Apr 18, 2026Ensuring data protection
Question
You work for an organization that handles sensitive customer data. You must secure a series of Google Cloud Storage buckets housing this data and meet these requirements: - Multiple teams need varying access levels (some read-only, some read- write). - Data must be protected in storage and at rest. - It's critical to track file changes and audit access for compliance purposes. - For compliance purposes, the organization must have control over the encryption keys. What should you do?
Options
- ACreate IAM groups for each team and manage permissions at the group level. Employ server-
- BSet individual permissions for each team and apply access control lists (ACLs) to each bucket
- CUse predefined IAM roles tailored to each team's access needs, such as Storage Object Viewer
- DAssign IAM permissions for all teams at the object level. Implement third-party software to encrypt
Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-SECURITY-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#IAM roles#Customer-Managed Encryption Keys (CMEK)#Cloud Audit Logs#Object Versioning