Google Cloud Professional Cloud Security Engineer Practice Exam

What method can improve the security of data stored in GCP from unauthorized access?

• A. Using strong IAM policies
• B. Storing data in multiple regions
• C. Employing only public IP addresses
• D. Reducing encryption standards

The correct answer is: Using strong IAM policies

Using strong IAM policies is a fundamental method to enhance the security of data stored in Google Cloud Platform (GCP) against unauthorized access. Identity and Access Management (IAM) allows you to manage access to resources and services in GCP by defining who (identity) has what access (roles) to which resources. By creating granular IAM policies, organizations can enforce the principle of least privilege, granting users only the access that is necessary for them to perform their jobs. With robust IAM policies, you can define roles that include specific permissions tailored to the functions performed by individual users, groups, or service accounts. This reduces the risk of accidental or malicious actions that could expose data. Moreover, IAM policies support features like conditional access, which can provide additional layers of security by evaluating attributes like location, device security status, or time of access. In contrast, options such as storing data in multiple regions might enhance data availability or compliance but do not inherently strengthen security against unauthorized access. Employing only public IP addresses generally increases exposure to potential security threats and does not align with best practices for securing cloud resources. Finally, reducing encryption standards compromises the protection of data, making it more vulnerable to unauthorized access rather than improving security.