PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #56
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #56: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to reveal the answer and full explanation for question #56. The question stem and answer options stay visible for context.
Question
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?
Options
- ACreate a Cloud Storage ACL that allows read-only access from the Compute Engine instance's IP
- BUse a service account with read-only access to the Cloud Storage bucket, and store the
- CUse a service account with read-only access to the Cloud Storage bucket to retrieve the
- DEncrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to
Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-SECURITY-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.