GCP Professional Cloud Security Engineer Practice Question
Your security team discovered that several Cloud Storage objects are publicly readable because developers added object-level ACLs directly on those objects. They want to eliminate this risk across all production buckets while simplifying future permission audits. You must implement a solution that:
Prevents any new or existing object ACLs from granting access.
Allows you to manage access only through IAM roles granted on the bucket.
Keeps data available to current internal workloads that already have Storage Object Viewer on the bucket.
Which action will meet these requirements with the least operational overhead?
Enable uniform bucket-level access on the affected buckets and rely solely on IAM policies for future permissions.
Move the objects into new buckets where Public Access Prevention is enforced, and manage per-object sharing there.
Remove all existing object ACLs with the gsutil acl ch -d AllUsers command and instruct developers to avoid setting ACLs going forward.
Create an IAM deny policy that blocks the storage.objects.create permission when it includes an ACL granting AllUsers access.
Enabling uniform bucket-level access on a bucket disables the evaluation of all legacy object ACLs for that bucket. From that point on, Cloud Storage enforces access decisions exclusively through IAM policies set on the bucket (or inherited from ancestors). Existing IAM role grants such as Storage Object Viewer remain in effect, so internal services that rely on those roles continue to work. Because object-level ACLs are ignored, no new ACL entries, whether added intentionally or accidentally, can make objects public, which greatly simplifies auditing. Other options either leave ACLs in place, rely on manual removal of ACLs without preventing their re-creation, or increase operational complexity without eliminating the underlying risk.
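The access decision described in the explanation, as an added example that is not part of the original question: a simplified model of who can read each object before and after uniform bucket-level access is switched on. The bucket name, service account and objects are constructed sample data, and the model assumes no inherited policies, IAM conditions or legacy bucket roles.

```python
import copy

# Constructed sample data; field names follow the Cloud Storage JSON API
# bucket, object and IAM policy resources.
APP = "serviceAccount:app@example-project.iam.gserviceaccount.com"
BUCKET = {"name": "example-prod-bucket",
          "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False}}}
POLICY = {"bindings": [{"role": "roles/storage.objectViewer", "members": [APP]}]}
OBJECTS = [{"name": "report.csv", "acl": [{"entity": "allUsers", "role": "READER"}]},
           {"name": "internal.csv", "acl": []}]
READ_ROLES = {"roles/storage.objectViewer", "roles/storage.objectAdmin",
              "roles/storage.admin"}

def ubla_enabled(bucket):
    cfg = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    return bool(cfg.get("enabled"))

def iam_allows_read(policy, principal):
    return any(b["role"] in READ_ROLES
               and (principal in b["members"] or "allUsers" in b["members"])
               for b in policy.get("bindings", []))

def acl_allows_read(obj, principal):
    return any(e["role"] in ("READER", "OWNER")
               and e["entity"] in ("allUsers", principal)
               for e in obj.get("acl", []))

def can_read(bucket, policy, obj, principal):
    if iam_allows_read(policy, principal):
        return True
    # Object ACLs count only while uniform bucket-level access is off.
    return not ubla_enabled(bucket) and acl_allows_read(obj, principal)

def audit(bucket, policy, objects, principals=("allUsers", APP)):
    """Map each object name to the principals that can read it."""
    return {o["name"]: [p for p in principals
                        if can_read(bucket, policy, o, p)] for o in objects}

def with_ubla(bucket):
    """Return a copy of the bucket metadata with the setting switched on."""
    b = copy.deepcopy(bucket)
    b["iamConfiguration"]["uniformBucketLevelAccess"]["enabled"] = True
    return b

if __name__ == "__main__":
    print("before:", audit(BUCKET, POLICY, OBJECTS))
    print("after: ", audit(with_ubla(BUCKET), POLICY, OBJECTS))
```

On a real bucket the setting is switched on with `gcloud storage buckets update gs://BUCKET_NAME --uniform-bucket-level-access`, where BUCKET_NAME is a placeholder.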
GCP Professional Cloud Security Engineer
Configuring Access