You are working at a financial institution that stores mortgage loan approval documents on Cloud Storage. Any change to these approval documents must be uploaded as a separate approval file. You need to ensure that these documents cannot be deleted or overwritten for the next 5 years. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Create a retention policy on the bucket for the duration of 5 years. Create a lock on the retention policy..
Why this is the answer
The correct approach is to create a retention policy on the Cloud Storage bucket for 5 years and then lock that policy. A locked retention policy prevents objects from being deleted or overwritten until their retention period expires, ensuring immutability for the specified duration. This directly addresses the requirement for documents to be undeletable and unchangeable for 5 years. Organizational constraints (like constraints/storage.retentionPolicySeconds) define minimum retention periods for new buckets or objects, but they don't prevent deletion or overwriting of existing objects if a bucket's specific retention policy is not set or locked. They also don't enforce immutability in the same way a locked bucket-level retention policy does. Customer-managed encryption keys (CMEK) protect data at rest but do not prevent deletion or overwriting of objects.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed