Google Cloud Professional Cloud Security Engineer Practice Exam

When investigating public access incidents in Cloud Storage buckets, what immediate actions should be taken?

• A. Change bucket permissions and enforce storage public access prevention
• B. Increase bucket versioning and log retention settings
• C. Delete unauthorized data before analyzing logs
• D. Make the buckets entirely private by default

The correct answer is: Change bucket permissions and enforce storage public access prevention

Changing bucket permissions and enforcing storage public access prevention is a critical immediate action when investigating public access incidents in Cloud Storage buckets. This step helps to quickly mitigate any ongoing exposure of data, effectively preventing further unauthorized access. By revising the permissions, you can ensure that only authorized users or applications have the ability to access or modify the bucket's contents, which is essential in responding to a security incident. Enforcing public access prevention is a proactive measure that protects the bucket from being publicly accessible, which is vital in scenarios where sensitive data might have been exposed. Implementing these changes provides immediate control over the situation and helps to contain the incident while further investigation is initiated. In this context, actions like increasing bucket versioning or log retention settings might be beneficial for long-term data management and auditing, but they do not directly address the immediate security implications of public access incidents. Similarly, deleting unauthorized data before analyzing logs could lead to the loss of crucial evidence needed to understand the full scope of the incident. Making the buckets entirely private by default is a good practice for future configurations but does not resolve the current issue of public exposure.