Google Cloud Professional Cloud Security Engineer — Question 123

You manage a BigQuery analytical data warehouse in your organization. You want to keep data for all your customers in a common table while you also restrict query access based on rows and columns permissions. Non-query operations should not be supported.

What should you do? (Choose two.)

Answer options

• A. Create row-level access policies to restrict the result data when you run queries with the filter expression set to TRUE.
• B. Configure column-level encryption by using Authenticated Encryption with Associated Data (AEAD) functions with Cloud Key Management Service (KMS) to control access to columns at query runtime.
• C. Create row-level access policies to restrict the result data when you run queries with the filter expression set to FALSE.
• D. Configure dynamic data masking rules to control access to columns at query runtime.
• E. Create column-level policy tags to control access to columns at query runtime.

Correct answer: C, E

Explanation

The correct answers are C and E because creating row-level access policies with the filter expression set to FALSE allows you to restrict access to certain rows of data while still making the data available to others. Additionally, column-level policy tags enable the control of access to specific columns in the data. Options A and D do not meet the requirement for restricting access appropriately, and B involves encryption rather than access control.