Google Cloud Professional Cloud Security Engineer — Question 325

Your organization has sensitive data stored in BigQuery and Cloud Storage. You need to design a solution that provides granular and flexible control authorization to read data. What should you do?

Answer options

• A. Deidentify sensitive fields within the dataset by using data leakage protection within the Sensitive Data Protection services.
• B. Use Cloud External Key Manager (Cloud EKM) to encrypt the data in BigQuery and Cloud Storage.
• C. Grant identity and access management (IAM) roles and permissions to principals.
• D. Enable server-side encryption on the data in BigQuery and Cloud Storage.

Correct answer: C

Explanation

The correct answer is C because granting IAM roles and permissions allows for precise control over who can access specific data in BigQuery and Cloud Storage. Options A and B focus on data protection but do not directly address access control. Option D provides encryption, which is important for data security but does not manage user permissions.