Google Cloud Professional Cloud Security Engineer — Question 160

Your company’s users access data in a BigQuery table. You want to ensure they can only access the data during working hours.

What should you do?

Answer options

• A. Assign a BigQuery Data Viewer role along with an IAM condition that limits the access to specified working hours.
• B. Run a gsutil script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.
• C. Assign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours.
• D. Configure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraint for BigQuery during the specified working hours.

Correct answer: A

Explanation

The correct answer is A because assigning a BigQuery Data Viewer role with an IAM condition effectively restricts access based on time, providing a straightforward and secure method. Options B and C are impractical as they involve manual or scripted actions that could lead to errors or oversight in access management. Option D is overly complex for the requirement, as modifying organizational policy constraints is not necessary for time-based access control.