GCP Professional Cloud Security Engineer Practice Question
A Cloud Storage bucket that stores quarterly financial statements currently has uniform bucket-level access enabled. During an audit, you need to grant read access on a single object (gs://fin-statements/Q1-2025.pdf) to one external accountant who uses a Gmail address. The accountant must not see any other objects in the bucket. What must you do before you can add an object-level ACL that meets this requirement?
Grant the accountant the roles/storage.objectViewer role on the bucket and rely on object retention policies to protect other files.
Enable Public Access Prevention and then assign a READER ACL to the object.
Disable uniform bucket-level access on the bucket, then apply an ACL that grants READER permission on the object to the accountant's Gmail address.
Add an IAM condition on the bucket binding that restricts roles/storage.objectViewer to the specific object path.
Uniform bucket-level access turns off Access Control Lists (ACLs) entirely; only IAM policies are evaluated. To set a fine-grained ACL on an individual object, uniform bucket-level access must first be disabled on the bucket. Once disabled, you can add an ACL entry that gives the accountant READER permission on Q1-2025.pdf without exposing other objects. The other options either leave uniform bucket-level access in place (preventing any ACL from being applied), apply bucket-wide permissions that over-grant access, or fail to make ACLs available.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is uniform bucket-level access in Cloud Storage?
Open an interactive chat with Bash
How do ACLs work in Google Cloud Storage?
Open an interactive chat with Bash
What happens when you disable uniform bucket-level access?
Open an interactive chat with Bash
What is uniform bucket-level access in Google Cloud Storage?
Open an interactive chat with Bash
What are Access Control Lists (ACLs) in Google Cloud Storage?
Open an interactive chat with Bash
How does disabling uniform bucket-level access affect a bucket's permissions?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .