
Cloud Digital Leader Exam - Question 39


Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are based in Canada should be allowed to view the contents.

What is the most effective and efficient way to satisfy this requirement?

Correct Answer: D

The most effective and efficient way to restrict access to a Cloud Storage bucket so that only employees based in Canada can view its contents is to create a group consisting of all Canada-based employees and give the group access to the bucket. This method allows for straightforward management as employees move in and out of the group, ensuring that only those who are based in Canada have access, regardless of their current physical location. This approach also simplifies the process of granting or revoking access rights.
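An added example, not part of the original page: a Python check that a bucket-level IAM policy grants view access only through the single group the answer describes. The group address, the sample policy and the finding labels are assumptions constructed for illustration; the JSON shape is what `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` prints.

```python
import json

# Constructed sample policy; every principal here is made up.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer",
   "members": ["group:canada-employees@example.com",
               "user:contractor@example.com"]},
  {"role": "roles/storage.legacyBucketReader",
   "members": ["allAuthenticatedUsers"]},
  {"role": "roles/storage.objectAdmin",
   "members": ["group:canada-employees@example.com"]},
  {"role": "roles/storage.admin",
   "members": ["group:storage-admins@example.com"]}
 ],
 "etag": "CAE="}
""")

ALLOWED_GROUP = "group:canada-employees@example.com"  # hypothetical group
VIEW_ROLE = "roles/storage.objectViewer"
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def audit_bucket_policy(policy, allowed_group=ALLOWED_GROUP, view_role=VIEW_ROLE):
    """Return sorted (kind, role, member) findings; [] means group-only view access.

    Only bucket-level bindings are inspected. Roles inherited from the
    project, folder or organization do not appear in this policy.
    """
    findings = []
    group_has_view = False
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member == allowed_group and role == view_role:
                group_has_view = True            # the intended grant
            elif member in PUBLIC:
                findings.append(("public", role, member))
            elif member == allowed_group:
                findings.append(("group-excess-role", role, member))
            elif member.startswith("user:"):
                findings.append(("direct-user", role, member))
            else:
                findings.append(("other-principal", role, member))
    if not group_has_view:
        findings.append(("group-missing", view_role, allowed_group))
    return findings and sorted(findings)

if __name__ == "__main__":
    for kind, role, member in audit_bucket_policy(SAMPLE_POLICY):
        print(f"{kind:18} {role:34} {member}")
```
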

Discussion

17 comments
Halimb Option: D
Jan 26, 2022

Correct answer is D. Question is tricky, but it says "based" in Canada. That is not the same as restricting access to "from Canada". An employee can, for instance, be based in Canada but access the services while on a business trip to Singapore.

Guru4Cloud Option: D
Dec 17, 2023

Imagine a lock on your bucket. You want only Canadian employees to have keys. Here's the easiest way: Make a key club: Create a group called "Canada Keys". Add all Canadian employees: Give everyone in that group a key. Keep outsiders out: No key, no entry to the bucket! This way, you manage one key club instead of many individual keys, making it easier to add/remove people and keeping your bucket secure. Clear as day?

cookieMr Option: D
Jun 10, 2023

To restrict access to a Cloud Storage bucket and ensure that only employees based in Canada can view its contents, you can use Cloud Identity and Access Management (Cloud IAM) in combination with Identity-Aware Proxy (IAP). By combining Cloud IAM and IAP, you can enforce fine-grained access control to the Cloud Storage bucket. Only employees based in Canada, as defined in the Cloud IAM roles and IAP access policy, will be able to view the bucket's contents. This provides an effective and efficient way to satisfy the access restriction requirement while leveraging Google Cloud's built-in identity and access management capabilities.

hireshgupt Option: D
Jul 24, 2023

Option D is the most effective and efficient way to restrict access to the bucket. Creating a group consisting of all Canada-based employees and giving the group access to the bucket will allow you to easily manage access to the bucket. You can add or remove employees from the group as needed, and you can give the group different levels of access to the bucket.

Wr5050 Option: D
Apr 2, 2024

I found an excellent explanation on this site, the questions seem to be verified there https://techcertificationhelp.com/cloud-digital-leader/only-employees-who-are-based-in-canada-should-be-allowed-to-view-the-c

Laura93 Option: B
Jun 10, 2023

The answer should be B. In this case, you can create a rule that allows access to the Cloud Storage bucket only from IP addresses based in Canada. This will ensure that only employees who are based in Canada will be able to access the bucket. D is not the most effective way to restrict access to the bucket. If an employee is added to the group, they would be able to access the bucket, even if they are not based in Canada.

oezgan Option: D
Sep 21, 2023

Although a bit old, I found this on Serverfault: "But, IP deny list/allow list for HTTP(S) Load Balancing is not supported for Cloud Storage backends. See Security Policy Concepts - Restrictions for details." Thus, the answer must be D. (I hope). Reference: https://serverfault.com/questions/992666/using-google-cloud-armor-to-block-requests-to-google-cloud-storage

Giuliano72 Option: D
Sep 27, 2023

D is correct

Pearl81 Option: D
Jan 12, 2024

If read carefully, the question is granting access for "employees based in Canada" and not "employees in Canada". This makes a lot of difference. Correct answer is D.

Kunjesh9867
Jul 8, 2024

Yes that is correct

omgitsele Option: B
Apr 22, 2023

Correct answer is B. Even if a user based in Canada travels abroad, you do NOT want them to be able to have access. The question is badly phrased, but essentially it says "restrict any access outside of Canada" thus correct answer is B.

MBNelo Option: D
May 3, 2023

"based", not "in"

ihavenonickname Option: D
Jun 30, 2023

IP restrictions can be bypassed

mdsarfraz69 Option: B
Sep 25, 2023

B is correct

Rajan Option: D
Oct 16, 2023

D is correct.

chai_gpt Option: D
Nov 5, 2023

D is correct

MMeena Option: B
Feb 29, 2024

I think 'B' may be the option. The question says "Only employees who are based in Canada" and, considering Google's security policy of 'Least Privilege Access', option D will give access to all Canada employees, whether they need to have access or not, which may be a security threat.

PanosPeris Option: D
May 26, 2024

IP is a poor way to restrict access. Employees based in Canada could be working from anywhere.