Topic 1 Question 54
You are a data analyst working with sensitive customer data in BigQuery. You need to ensure that only authorized personnel within your organization can query this data, while following the principle of least privilege. What should you do?
Enable access control by using IAM roles.
Encrypt the data by using customer-managed encryption keys (CMEK).
Update dataset privileges by using the SQL GRANT statement.
Export the data to Cloud Storage, and use signed URLs to authorize access.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: A
The best option is A. Enable access control by using IAM roles. Option A is optimal because IAM roles are the standard Google Cloud method for managing access, directly enabling least privilege for BigQuery. Option B (CMEK) is incorrect because encryption secures data but doesn't control access. Option C (SQL GRANT) is less preferred than IAM for broader GCP access management. Option D (Export and signed URLs) is incorrect as it's complex, less secure, and not for controlling BigQuery query access. Therefore, Option A is the most direct and secure way to manage access to sensitive BigQuery data.
👍 1n21837128472025/03/05
シャッフルモード