Topic 1 Question 200
Government regulations in the banking industry mandate the protection of clients' personally identifiable information (PII). Your company requires PII to be access controlled, encrypted, and compliant with major data protection standards. In addition to using Cloud Data Loss Prevention (Cloud DLP), you want to follow Google-recommended practices and use service accounts to control access to PII. What should you do?
A. Assign the required Identity and Access Management (IAM) roles to every employee, and create a single service account to access project resources.
B. Use one service account to access a Cloud SQL database, and use separate service accounts for each human user.
C. Use Cloud Storage to comply with major data protection standards. Use one service account shared by all users.
D. Use Cloud Storage to comply with major data protection standards. Use multiple service accounts attached to IAM groups to grant the appropriate access to each group.
User votes
Comments (16)
- Option believed to be correct: A
✅[A] is the only acceptable answer. ❌[B] rejected (no need to elaborate) ❌[C] and [D] rejected. Why should we be obliged to use Cloud Storage? Other storage options in Google Cloud aren't compliant with "major data protection standards"?
❗[D] has another rejection reason, the following quotes: 🔸From <https://cloud.google.com/iam/docs/service-accounts>: "You can add service accounts to a Google group, then grant roles to the group. However, adding service accounts to groups is not a best practice. Service accounts are used by applications, and each application is likely to have its own access requirements" 🔸From <https://cloud.google.com/iam/docs/best-practices-service-accounts#groups>: "Avoid using groups for granting service accounts access to resources"
👍 15 NicolasN 2022/12/05
- Option believed to be correct: D
I vote D
👍 4 Wasss123 2022/09/12
- Option believed to be correct: D
for A: please refer to this link below which suggests "Sharing a single service account across multiple applications can complicate the management of the service account" - meaning it's not a best practice. https://cloud.google.com/iam/docs/best-practices-service-accounts#single-purpose Also, what if we have hundreds of users, does it really make sense to manage each user's IAM individually?
for D: it's indeed not one of the best practices but I believe it's much more manageable and better than A
👍 4 cetanx 2023/01/23