Restrict Access and Expiration Policies for Data Processing Application

Best Strategies for Data Security and Expiration in Application Design

Question

You are building an application that processes data files uploaded from thousands of suppliers.

Your primary goals for the application are data security and the expiration of aged data.

You need to design the application to:

Restrict access so that suppliers can access only their own data.

Give suppliers write access to data only for 30 minutes.

Delete data that is over 45 days old.

You have a very short development cycle, and you need to make sure that the application requires minimal maintenance.

Which two strategies should you use? (Choose two.)

Answers

Explanations


AE.

To fulfill the requirements of restricting access, giving write access for a limited time, and deleting aged data, there are several strategies to consider.

A) Build a lifecycle policy to delete Cloud Storage objects after 45 days

A lifecycle policy is a way to automate the deletion of objects in Cloud Storage based on specific criteria. By creating a lifecycle policy, you can define rules to delete objects that are older than a certain age. In this case, setting the policy to delete objects older than 45 days would meet the requirement to delete aged data. This strategy requires minimal maintenance once the policy is set up.

B) Use signed URLs to allow suppliers limited time access to store their objects

Signed URLs are a way to grant time-limited access to specific objects in Cloud Storage. By generating a signed URL, you can provide suppliers with write access to their data for a specified amount of time. After the time limit has expired, the URL becomes invalid, and the supplier no longer has write access. This strategy would meet the requirement to give suppliers write access to data only for 30 minutes.

C) Set up an SFTP server for your application and create a separate user for each supplier

An SFTP server would allow suppliers to securely upload their data files to the application. By creating a separate user for each supplier, you can restrict access to only their own data. However, this strategy does not address the requirement to automatically delete aged data.

D) Build a Cloud function that triggers a timer of 45 days to delete objects that have expired

A Cloud function could be used to automate the deletion of aged data. By triggering the function every 45 days, you could delete objects that are older than the specified time limit. This strategy would meet the requirement to delete aged data, but it does not address the requirements to restrict access or give suppliers write access for a limited time.

E) Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days

This strategy is not recommended as it is overly broad and could result in the accidental deletion of important data. Furthermore, this strategy does not address the requirements to restrict access or give suppliers write access for a limited time.

In conclusion, the two strategies that should be used to fulfill the requirements are A) Build a lifecycle policy to delete Cloud Storage objects after 45 days and B) Use signed URLs to allow suppliers limited time access to store their objects. These strategies would ensure data security, restrict access, give suppliers write access for a limited time, and automatically delete aged data.
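The lifecycle rule from option A and the signed-URL upload from option B can be sketched together as follows. This is an added example, not code from the original page: the `suppliers/<id>/` prefix layout, the naming rules and all function names are assumptions, and `signed_upload_url` additionally assumes the `google-cloud-storage` client library with credentials that can sign.

```python
import datetime
import re
import uuid

WRITE_WINDOW = datetime.timedelta(minutes=30)  # write access window from the question
MAX_AGE_DAYS = 45                              # retention limit from the question

# Constructed naming rules (assumptions, not from the page).
_SUPPLIER_ID = re.compile(r"[a-z0-9-]{1,40}")
_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def lifecycle_config(age_days=MAX_AGE_DAYS):
    """Lifecycle document in Cloud Storage's JSON form.

    The "age" condition counts days since the object was created.
    """
    return {"rule": [{"action": {"type": "Delete"}, "condition": {"age": age_days}}]}


def upload_object_name(supplier_id, filename):
    """Pick the object name server-side, always under the supplier's own prefix.

    supplier_id must come from the authenticated session, never from request input.
    """
    if not _SUPPLIER_ID.fullmatch(supplier_id):
        raise ValueError("invalid supplier id")
    if not _FILENAME.fullmatch(filename):
        raise ValueError("invalid filename")
    # Random component keeps separate upload requests from colliding on one name.
    return f"suppliers/{supplier_id}/{uuid.uuid4().hex}-{filename}"


def signed_upload_url(bucket_name, supplier_id, filename):
    """Return a V4 signed URL that allows PUT to exactly one object for 30 minutes."""
    # Imported here so the helpers above work without the client library installed.
    from google.cloud import storage  # requires google-cloud-storage and signing credentials

    blob = storage.Client().bucket(bucket_name).blob(
        upload_object_name(supplier_id, filename)
    )
    return blob.generate_signed_url(
        version="v4", expiration=WRITE_WINDOW, method="PUT",
        content_type="application/octet-stream",
    )
```

Because the URL is bound to a single object name chosen by the server, a supplier holding it cannot write to or read another supplier's prefix, and the lifecycle rule removes the uploaded object without any scheduled job to maintain.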