For this question, refer to the Dress4Win case study. You are responsible for the security of data stored in Cloud Storage for your company, Dress4Win. You have already created a set of Google Groups and assigned the appropriate users to those groups. You should use Google best practices and implement the simplest design to meet the requirements.
Considering Dress4Win's business and technical requirements, what should you do?
To ensure the security of data stored in Cloud Storage and to follow Google's best practices, it is optimal to use predefined IAM roles assigned to the Google Groups created. Predefined roles are designed to follow the principle of least privilege, which aligns with security best practices by granting only the necessary permissions to users. Additionally, utilizing Google's default encryption at rest ensures the data is automatically encrypted without the need for extra configurations, providing a simple and effective solution. This approach meets both the security and simplicity requirements.
C is the simplest
I am a bit confused "You should use Google best practices and implement the simplest design to meet the requirements." ---> Simplest -- agree with D, but for googles best practice I will go with A
Ignore my comment, Agree C is the simple -- https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
C is ok
c is correct - going by simplest design whereas google manages the encrytion though by default and thats sufficient
ans is C
how come it's C , and for best practice we need to use Custom Roles
There 2 requirements 1) best practices = least privilege = custom role 2) simplest = default encryption as : If you use customer-supplied encryption keys or client-side encryption, you must securely manage your keys and ensure that they are not lost. If you lose your keys, you are no longer able to read your data, and you continue to be charged for storage of your objects until you delete them.
What about option B..default encryption[which is simple to manage] + Custom role[which is secure compared to predefined and not difficult to create]
I agrre. I will go with B.
It has to be B
there is no option to 'enable default encyption' as such! It is provided by default if you dont do anything.
Check out this link - https://cloud.google.com/iam/docs/using-iam-securely Basic roles include thousands of permissions across all Google Cloud services. In production environments, do not grant basic roles unless there is no alternative. Instead, grant the most limited predefined roles or custom roles that meet your needs.
IMO - C is ok. Simplest --> predefined roles + default encryption
Cloud storage encryption is enabled by default. Why would you need to enable it as stated in B? Answer is A, use CSEK and specify a .boto file during upload with gsutil, simple!
it says simple, what you say is not as easy as possible... default encryption is easier
C. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Googleג€™s default encryption at rest when storing files in Cloud Storage.
vote C
C is the 'Google' answer here :)
Answer is B
From "Google's best practices and simplest design" Answer should be C
C. Best practice is predefined not custom. Only use custom when predefined to broard.
C is correct
Answer is B
hey guys new Qs posted as of July 12th, 2021, All 21 new Qs in Question #152
hey guys new Qs posted as of July 12th, 2021, All 21 new Qs in Question #152
B custom IAM & out of box encryption
Encrypt Cloud Storage data with Cloud KMS
C is answer