Google Cloud Professional Data Engineer — Question 90

Government regulations in your industry mandate that you have to maintain an auditable record of access to certain types of data. Assuming that all expiring logs will be archived correctly, where should you store data that is subject to that mandate?

Answer options

• A. Encrypted on Cloud Storage with user-supplied encryption keys. A separate decryption key will be given to each authorized user.
• B. In a BigQuery dataset that is viewable only by authorized personnel, with the Data Access log used to provide the auditability.
• C. In Cloud SQL, with separate database user names to each user. The Cloud SQL Admin activity logs will be used to provide the auditability.
• D. In a bucket on Cloud Storage that is accessible only by an AppEngine service that collects user information and logs the access before providing a link to the bucket.

Correct answer: B

Explanation

Option B is correct because storing data in a BigQuery dataset that is limited to authorized personnel allows for effective auditability through the Data Access log. Options A and C do not provide the same level of access control and auditing, while option D relies on an AppEngine service which may introduce additional complexity and access management challenges.