Topic 1 Question 10
3 つ選択Your company is in a highly regulated industry. One of your requirements is to ensure individual users have access only to the minimum amount of information required to do their jobs. You want to enforce this requirement with Google BigQuery. Which three approaches can you take?
Disable writes to certain tables.
Restrict access to tables by role.
Ensure that the data is encrypted at all times.
Restrict BigQuery API access to approved users.
Segregate data across multiple tables or databases.
Use Google Stackdriver Audit Logging to determine policy violations.
ユーザの投票
コメント(17)
correct option -> B. Restrict access to tables by role. Reference: https://cloud.google.com/bigquery/docs/table-access-controls-intro
correct option -> D. Restrict BigQuery API access to approved users. Only approved users will have access which means other users will have minimum amount of information required to do their job. Reference: https://cloud.google.com/bigquery/docs/access-control
correct option -> F. Use Google Stackdriver Audit Logging to determine policy violations. Reference: https://cloud.google.com/bigquery/docs/table-access-controls-intro#logging
A. Disable writes to certain tables. ---> Read is still available(not minimal access) C. Ensure that the data is encrypted at all times. ---> Data is encrypted by default. E. Segregate data across multiple tables or databases. ---> Normalization is of no help here.
👍 25samdhimal2022/01/22Correct: BDF
bigquery.tables.create Create new tables. bigquery.tables.delete Delete tables. bigquery.tables.export Export table data out of BigQuery. bigquery.tables.get Get table metadata. To get table data, you need bigquery.tables.getData. bigquery.tables.getData Get table data. This permission is required for querying table data. To get table metadata, you need bigquery.tables.get. bigquery.tables.list List tables and metadata on tables. bigquery.tables.setCategory Set policy tags in table schema. bigquery.tables.update Update table metadata. To update table data, you need bigquery.tables.updateData.
bigquery.tables.updateData Update table data. To update table metadata, you need bigquery.tables.update.
👍 20[Removed]2020/03/26- 正解だと思う選択肢: BDE
I disagree with [F]. It's too late for a "highly regulated industry" to detect access violations by audit logs. [E] is a more reasonable answer, since it is a kind of row-level security, especially the times when BigQuery row-level security wasn't available. It is a practice still recommended (even with row-level sec. available) for the extreme scenario that: (Through repeated observation of query duration when querying tables with row-level access policies,) "a user could infer the values of rows that otherwise might be protected by row-level access policies" "If you are sensitive to this level of protection, we recommend using separate tables to isolate rows with different access control requirements, instead." Source: https://cloud.google.com/bigquery/docs/best-practices-row-level-security#limit-side-channel-attacks
👍 3NicolasN2022/11/23
シャッフルモード