Module 3: Securing Cloud Data: Techniques and Best Practices

Looking for ‘Security Best Practices in Google Cloud Module 3 Answers’?

In this post, I provide complete, accurate, and detailed explanations for the answers to Module 3: Securing Cloud Data: Techniques and Best Practices of Course 10: Security Best Practices in Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.

Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!

Module Quiz

Graded Assignment

1. Which TWO of the following statements are TRUE when discussing Cloud Storage and IAM permissions?

  • Using deny rules prevents certain principals from using certain permissions, regardless of the roles they’re granted. ✅
  • Access can be granted to Cloud Storage at the organization, folder, project, or bucket levels. ✅
  • Using IAM permissions alone gives you control over your projects, buckets, and individual objects.
  • A user needs permission from both IAM or an ACL to access a bucket or object.

Explanation:

  • Deny rules override allow rules in IAM, making them a powerful way to block access.
  • IAM allows hierarchical access management: org > folder > project > bucket.

2. Which TWO of the following statements are TRUE when discussing storage and BigQuery best practices?

  • Do not use any personally identifiable information as object names. ✅
  • One option to serve content securely to outside users is to use signed URLs. ✅
  • BigQuery data can be adequately secured using the default basic roles available in Google Cloud.
  • In most cases, you should use Access Control Lists (ACLs) instead of IAM permissions.

Explanation:

  • Object names can show up in logs and URLs, so avoid PII in names.
  • Signed URLs are secure, time-limited links to share private objects.

3. Which TWO of the following statements are TRUE with regard to security in BigQuery and its datasets?

  • A BigQuery Authorized View allows administrators to restrict users to viewing only subsets of a dataset. ✅
  • Using IAM, you can grant users granular permissions to BigQuery tables, rows and columns.
  • BigQuery has its own list of assignable IAM roles. ✅
  • It is always better to assign BigQuery roles to individuals as this will help to lower operational overhead.

Explanation:

  • Authorized Views can expose only specific columns or filtered data from a dataset.
  • BigQuery provides predefined IAM roles such as roles/bigquery.dataViewer and roles/bigquery.dataEditor.
