Topic 1 Question 69

Associate Data Practitioner

Topic 1 Question 69
Your organization has a BigQuery dataset that contains sensitive employee information such as salaries and performance reviews. The payroll specialist in the HR department needs to have continuous access to aggregated performance data, but they do not need continuous access to other sensitive data. You need to grant the payroll specialist access to the performance data without granting them access to the entire dataset using the simplest and most secure approach. What should you do?
- Use authorized views to share query results with the payroll specialist.
- Create row-level and column-level permissions and policies on the table that contains performance data in the dataset. Provide the payroll specialist with the appropriate permission set.
- Create a table with the aggregated performance data. Use table-level permissions to grant access to the payroll specialist.
- Create a SQL query with the aggregated performance data. Export the results to an Avro file in a Cloud Storage bucket. Share the bucket with the payroll specialist.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: A
  Creating a separate table duplicates data and introduces potential data consistency issues. Authorized views provide a more dynamic and maintainable solution.
  
  👍 2
  SaquibHerman2025/02/20
- 正解だと思う選択肢: C
  The best approach is C. Create a table with the aggregated performance data. Use table-level permissions to grant access to the payroll specialist.
  
  👍 1
  a_vi2025/01/27
- 正解だと思う選択肢: A
  The best option is A. Use authorized views. Option A is best because authorized views are the simplest and most secure way to share query results (aggregated data) without granting access to underlying sensitive data. The payroll specialist only sees the view, not the raw data. Option B (Row/column permissions) is incorrect because it's more complex to set up and manage than authorized views, and might still grant access to the sensitive table, just with restrictions. Option C (New aggregated table) is incorrect because creating a new table adds unnecessary data duplication and management overhead compared to views. Option D (Export to Cloud Storage) is incorrect because it's the most complex and least secure - exporting data creates copies and sharing a bucket is less controlled than BigQuery access controls. Therefore, Option A, authorized views, is the simplest and most secure approach for this scenario.
  
  👍 1
  n21837128472025/03/05
シャッフルモード

ユーザの投票

コメント(3)