Question 108 of 500
Ensuring data protectionhardMultiple ChoiceObjective-mapped

Quick Answer

The answer is to enable uniform bucket-level access, set IAM policies, and enable Cloud Audit Logs. This configuration is correct because uniform bucket-level access disables legacy ACLs, forcing all permission decisions to be governed solely by IAM roles, which eliminates the risk of public access through misconfigured ACLs and simplifies permission management. Setting specific IAM policies ensures only authorized users with designated roles can access the bucket, while Cloud Audit Logs capture every access request for compliance and forensic review. On the Google Professional Cloud Security Engineer exam, this scenario tests your understanding of how uniform bucket-level access centralizes access control and directly addresses the requirement to prevent public exposure—a common trap is assuming ACLs can remain enabled alongside IAM, which creates conflicting permissions and potential security gaps. Remember the memory tip: “Uniform unifies, ACLs are nullified, IAM decides, and Audit provides.”

PCSE Ensuring data protection Practice Question

This PCSE practice question tests your understanding of ensuring data protection. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A company has a Cloud Storage bucket containing sensitive data. They want to ensure that only users with specific IAM roles can access the bucket, and that access is logged for audit purposes. They also want to prevent public access. Which configuration steps should they take?

Question 1hardmultiple choice
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Enable uniform bucket-level access, set IAM policies, and enable Cloud Audit Logs.

Option C is correct because enabling uniform bucket-level access disables ACLs, forcing all access decisions to be made by IAM policies alone, which simplifies permission management and prevents public access. Setting IAM policies ensures only users with specific roles can access the bucket, and enabling Cloud Audit Logs captures all access requests for audit purposes. This combination meets all requirements: no public access, role-based access control, and logging.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Use IAM roles only and enable Cloud Audit Logs, but keep ACLs enabled.

    Why it's wrong here

    ACLs can override IAM permissions.

  • Use VPC Service Controls and enable Cloud Audit Logs.

    Why it's wrong here

    VPC Service Controls control network access, not bucket-level access.

  • Enable uniform bucket-level access, set IAM policies, and enable Cloud Audit Logs.

    Why this is correct

    Uniform bucket-level access disables ACLs and relies solely on IAM, and audit logs track access.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Enable fine-grained access using ACLs and enable Cloud Audit Logs.

    Why it's wrong here

    ACLs can allow public access unintentionally and are harder to audit.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Google Cloud often tests the misconception that ACLs are still needed for granular control, but uniform bucket-level access combined with IAM is the modern, secure approach that prevents public access and simplifies auditing.

Detailed technical explanation

How to think about this question

Uniform bucket-level access is a bucket-level setting that, when enabled, disables object-level ACLs and forces all access control to be evaluated through IAM policies. This eliminates the risk of a misconfigured ACL granting unintended public access, as ACLs are no longer evaluated. Cloud Audit Logs for Cloud Storage capture Admin Activity and Data Access logs, which record who accessed the bucket, from which IP, and what action was taken, providing a complete audit trail for compliance.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related PCSE practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free PCSE practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this PCSE question test?

Ensuring data protection — This question tests Ensuring data protection — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Enable uniform bucket-level access, set IAM policies, and enable Cloud Audit Logs. — Option C is correct because enabling uniform bucket-level access disables ACLs, forcing all access decisions to be made by IAM policies alone, which simplifies permission management and prevents public access. Setting IAM policies ensures only users with specific roles can access the bucket, and enabling Cloud Audit Logs captures all access requests for audit purposes. This combination meets all requirements: no public access, role-based access control, and logging.

What should I do if I get this PCSE question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 30, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This PCSE practice question is part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the PCSE exam.