Google Cloud Professional Cloud Security Engineer — Question 151
Your organization uses BigQuery to process highly sensitive, structured datasets. Following the “need to know” principle, you need to create the Identity and Access Management (IAM) design to meet the needs of these users:
• Business user: must access curated reports.
• Data engineer: must administrate the data lifecycle in the platform.
• Security operator: must review user activity on the data platform.
What should you do?
Answer options
- A. Configure data access log for BigQuery services, and grant Project Viewer role to security operator.
- B. Set row-based access control based on the “region” column, and filter the record from the United States for data engineers.
- C. Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer.
- D. Generate a CSV data file based on the business user's needs, and send the data to their email addresses.
Correct answer: C
Explanation
The correct answer is C because creating curated tables in a separate dataset allows for controlled access and aligns with the needs of the business user. Option A does not restrict access appropriately, option B's row-level filtering is unnecessary for the data engineer's role, and option D is inefficient for ongoing access to reports.