You are a data analyst working with sensitive customer data in BigQuery. You need to ensure that only authorized personnel within your organization can query this data, while following the principle of least privilege. What should you do?
A.
Enable access control by using IAM roles.
B.
Encrypt the data by using customer-managed encryption keys (CMEK).
C.
Update dataset privileges by using the SQL GRANT statement.
D.
Export the data to Cloud Storage, and use signed URLs to authorize access.
The best option is A. Enable access control by using IAM roles. Option A is optimal because IAM roles are the standard Google Cloud method for managing access, directly enabling least privilege for BigQuery. Option B (CMEK) is incorrect because encryption secures data but doesn't control access. Option C (SQL GRANT) is less preferred than IAM for broader GCP access management. Option D (Export and signed URLs) is incorrect as it's complex, less secure, and not for controlling BigQuery query access. Therefore, Option A is the most direct and secure way to manage access to sensitive BigQuery data.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
n2183712847
1 month, 4 weeks ago