Google Cloud Professional Data Engineer — Question 50

You are implementing security best practices on your data pipeline. Currently, you are manually executing jobs as the Project Owner. You want to automate these jobs by taking nightly batch files containing non-public information from Google Cloud Storage, processing them with a Spark Scala job on a Google Cloud
Dataproc cluster, and depositing the results into Google BigQuery.
How should you securely run this workload?

Answer options

• A. Restrict the Google Cloud Storage bucket so only you can see the files
• B. Grant the Project Owner role to a service account, and run the job with it
• C. Use a service account with the ability to read the batch files and to write to BigQuery
• D. Use a user account with the Project Viewer role on the Cloud Dataproc cluster to read the batch files and write to BigQuery

Correct answer: C

Explanation

The correct answer is C because using a service account with the appropriate permissions ensures that the workload can run automatically and securely without exposing sensitive information. Option A does not allow for automation, while B grants excessive permissions, and D uses a user account that does not have enough permissions to write to BigQuery.