Bird
Raised Fist0
GCPcloud~20 mins

Signed URLs for temporary access in GCP - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Signed URL Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
How does a Signed URL provide temporary access?

Which statement best explains how a Signed URL grants temporary access to a resource in Google Cloud Storage?

AIt embeds a cryptographic signature and expiration time in the URL, allowing access only until the expiration.
BIt sends an email with a password to access the resource temporarily.
CIt changes the resource's permissions to public for a limited time.
DIt creates a new user account with limited permissions for a short time.
Attempts:
2 left
💡 Hint

Think about how the URL itself controls access without changing user accounts or permissions.

Configuration
intermediate
1:00remaining
Expiration time in Signed URLs

You create a Signed URL with an expiration time set to 10 minutes from now. What happens if a user tries to access the URL after 15 minutes?

AThe resource becomes publicly accessible permanently.
BThe access is allowed because the URL is still valid.
CThe access is denied because the Signed URL has expired.
DThe URL automatically renews the expiration time.
Attempts:
2 left
💡 Hint

Consider what the expiration time controls in a Signed URL.

Architecture
advanced
1:30remaining
Best practice for distributing Signed URLs securely

You want to share a Signed URL with a client securely. Which method is the best practice to distribute the Signed URL?

APost the Signed URL publicly on a website.
BSend the Signed URL over an encrypted channel like HTTPS or secure email.
CSend the Signed URL via plain text SMS.
DEmbed the Signed URL in a public GitHub repository.
Attempts:
2 left
💡 Hint

Think about how to keep the URL secret to prevent unauthorized access.

service_behavior
advanced
1:30remaining
Effect of changing object permissions after Signed URL creation

You create a Signed URL for a private object in Cloud Storage. After creating the URL, you change the object's permissions to public. What happens when someone uses the Signed URL?

AThe Signed URL still works until it expires, but the object is also accessible publicly without the URL.
BThe Signed URL expires immediately when permissions change.
CThe Signed URL stops working immediately after permissions change.
DThe Signed URL grants access only if the object remains private.
Attempts:
2 left
💡 Hint

Consider how Signed URLs and object permissions interact.

security
expert
2:00remaining
Security risk of long expiration times in Signed URLs

What is the main security risk of setting a very long expiration time (e.g., several months) on a Signed URL?

ALong expiration times cause the resource to become publicly listed in Cloud Storage.
BThe URL will automatically revoke access after 24 hours regardless of expiration time.
CSigned URLs with long expiration times consume more storage space.
DIf the URL is leaked, unauthorized users can access the resource for a long time.
Attempts:
2 left
💡 Hint

Think about what happens if someone else gets the URL.

Practice

(1/5)
1. What is the main purpose of a signed URL in Google Cloud Storage?
easy
A. To permanently make a file public to everyone
B. To encrypt a file stored in the bucket
C. To provide temporary, secure access to a file without making it public
D. To delete a file from the bucket automatically

Solution

  1. Step 1: Understand what signed URLs do

    Signed URLs allow access to a file for a limited time without changing its public status.

  2. Step 2: Compare options

    Only To provide temporary, secure access to a file without making it public describes temporary, secure access without making the file public.

  3. Final Answer:

    To provide temporary, secure access to a file without making it public -> Option C

  4. Quick Check:

    Signed URL = Temporary secure access [OK]
Hint: Signed URLs = temporary access without public exposure [OK]
Common Mistakes:
  • Thinking signed URLs make files permanently public
  • Confusing signed URLs with encryption
  • Assuming signed URLs delete files
2. Which gcloud command correctly creates a signed URL valid for 1 hour to download a file named photo.jpg from bucket my-bucket?
easy
A. gcloud storage signed-urls create gs://my-bucket/photo.jpg --duration=1h
B. gcloud storage signed-url create gs://my-bucket/photo.jpg --valid-for=1h
C. gcloud storage signed-url generate gs://my-bucket/photo.jpg --duration=60m
D. gcloud storage url-sign create gs://my-bucket/photo.jpg --time=1h

Solution

  1. Step 1: Identify correct command syntax

    The correct command uses 'gcloud storage signed-urls create' with '--duration' to specify time.

  2. Step 2: Check options for correct flags and command

    gcloud storage signed-urls create gs://my-bucket/photo.jpg --duration=1h matches the correct syntax and flag '--duration=1h'. Others use wrong flags or commands.

  3. Final Answer:

    gcloud storage signed-urls create gs://my-bucket/photo.jpg --duration=1h -> Option A

  4. Quick Check:

    Correct command + --duration flag = gcloud storage signed-urls create gs://my-bucket/photo.jpg --duration=1h [OK]
Hint: Use 'signed-urls create' with '--duration' for time [OK]
Common Mistakes:
  • Using incorrect flags like --valid-for or --time
  • Using 'generate' instead of 'create'
  • Mixing command order or bucket syntax
3. What will happen if you try to use a signed URL after its expiration time?
medium
A. The signed URL will return an error indicating access denied
B. The file will be accessible without restrictions
C. The signed URL will automatically renew for another period
D. The file will be deleted from the bucket

Solution

  1. Step 1: Understand signed URL expiration

    Signed URLs only allow access during their valid time window.

  2. Step 2: Identify behavior after expiration

    After expiration, access is denied and an error is returned.

  3. Final Answer:

    The signed URL will return an error indicating access denied -> Option A

  4. Quick Check:

    Expired signed URL = Access denied error [OK]
Hint: Expired signed URLs deny access with error [OK]
Common Mistakes:
  • Assuming URLs auto-renew after expiration
  • Thinking files become public after expiration
  • Believing files get deleted automatically
4. You created a signed URL with the command gcloud storage signed-urls create gs://my-bucket/file.txt --duration=30m, but users report they cannot access the file. What is the most likely cause?
medium
A. The bucket name is incorrect or does not exist
B. The file file.txt is missing or misspelled in the bucket
C. The signed URL duration is too long
D. Signed URLs do not work for text files

Solution

  1. Step 1: Check bucket and file existence

    If the file name is wrong or missing, access via signed URL fails.

  2. Step 2: Evaluate other options

    Bucket name error would cause different error; duration too long is allowed; file type does not restrict signed URLs.

  3. Final Answer:

    The file file.txt is missing or misspelled in the bucket -> Option B

  4. Quick Check:

    Missing file = Access failure [OK]
Hint: Check file name and existence if signed URL fails [OK]
Common Mistakes:
  • Assuming duration too long blocks access
  • Believing signed URLs depend on file type
  • Ignoring typos in file or bucket names
5. You want to share a file securely with a partner for exactly 2 hours, but only allow them to upload a new version, not download the existing one. Which approach using signed URLs is best?
hard
A. Create a signed URL with DELETE method and 2-hour duration
B. Create a signed URL with GET method and 2-hour duration for downloading
C. Make the file public and send the link
D. Create a signed URL with PUT method and 2-hour duration for uploading

Solution

  1. Step 1: Understand HTTP methods for signed URLs

    PUT allows uploading or replacing a file; GET allows downloading; DELETE removes the file.

  2. Step 2: Match requirement to method

    To allow upload but not download, use a signed URL with PUT method and set duration to 2 hours.

  3. Final Answer:

    Create a signed URL with PUT method and 2-hour duration for uploading -> Option D

  4. Quick Check:

    Upload access = PUT method signed URL [OK]
Hint: Use PUT signed URL to allow upload only [OK]
Common Mistakes:
  • Using GET method which allows download
  • Making file public exposes it permanently
  • Using DELETE method deletes the file