Google Cloud Associate Data Practitioner — Question 56

You are a data analyst working with sensitive customer data in BigQuery. You need to ensure that only authorized personnel within your organization can query this data, while following the principle of least privilege. What should you do?

Answer options

• A. Enable access control by using IAM roles.
• B. Encrypt the data by using customer-managed encryption keys (CMEK).
• C. Update dataset privileges by using the SQL GRANT statement.
• D. Export the data to Cloud Storage, and use signed URLs to authorize access.

Correct answer: A

Explanation

The correct answer is A because enabling access control with IAM roles restricts data access to only those who are authorized, which aligns with the principle of least privilege. Option B, while important for data security, does not directly control access permissions. Option C does not apply to BigQuery since it uses IAM for access control rather than SQL GRANT statements. Option D introduces unnecessary complexity and does not ensure least privilege access in the BigQuery context.