Which statement best explains how a Signed URL grants temporary access to a resource in Google Cloud Storage?
Think about how the URL itself controls access without changing user accounts or permissions.
A Signed URL includes a cryptographic signature and an expiration timestamp. This allows anyone with the URL to access the resource only until the expiration time, without changing the resource's permissions or creating new users.
You create a Signed URL with an expiration time set to 10 minutes from now. What happens if a user tries to access the URL after 15 minutes?
Consider what the expiration time controls in a Signed URL.
Once the expiration time passes, the Signed URL is no longer valid, and access is denied to protect the resource.
You want to share a Signed URL with a client securely. Which method is the best practice to distribute the Signed URL?
Think about how to keep the URL secret to prevent unauthorized access.
Signed URLs grant access to resources, so sharing them over secure, encrypted channels prevents interception by unauthorized users.
You create a Signed URL for a private object in Cloud Storage. After creating the URL, you change the object's permissions to public. What happens when someone uses the Signed URL?
Consider how Signed URLs and object permissions interact.
Changing the object to public makes it accessible to anyone, regardless of the Signed URL. The Signed URL remains valid until its expiration.
What is the main security risk of setting a very long expiration time (e.g., several months) on a Signed URL?
Think about what happens if someone else gets the URL.
Long expiration times increase the window during which a leaked Signed URL can be misused, risking unauthorized access.