New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 4 Question 106 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 106
Topic #: 4
[All Professional Cloud Security Engineer Questions]

Your organization uses BigQuery to process highly sensitive, structured datasets. Following the "need to know" principle, you need to create the Identity and Access Management (IAM) design to meet the needs of these users:

* Business user must access curated reports.

* Data engineer: must administrate the data lifecycle in the platform.

* Security operator: must review user activity on the data platform.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

This option directly addresses the needs of the business user who must access curated reports. By creating curated tables in a separate dataset, you can control access to specific data. Assigning the roles/bigquery.dataViewer role allows the business user to view the data in BigQuery.


by Carmela at Jul 31, 2025, 04:08 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Brandon
3 months ago
I disagree, D is too restrictive for data engineers.
upvoted 0 times
...
Dahlia
3 months ago
I think C is the best choice for business users.
upvoted 0 times
...
Kristian
3 months ago
Wait, sending CSVs via email? That seems risky!
upvoted 0 times
...
Cammy
3 months ago
A and C together could really cover all bases!
upvoted 0 times
...
Jesus
3 months ago
Option A sounds solid for security operators.
upvoted 0 times
...
Narcisa
4 months ago
I'm a bit confused about option D; I know row-based access control is important, but I'm not sure if filtering by region is the right way to handle access for data engineers.
upvoted 0 times
...
Angella
4 months ago
I feel like option A could be relevant since it mentions configuring data access logs, which we covered in a practice question about monitoring user activity.
upvoted 0 times
...
Marylin
4 months ago
I think option C sounds familiar because we practiced creating curated tables and assigning roles, but I can't recall if that's the best approach for security operators.
upvoted 0 times
...
Melinda
4 months ago
I remember we discussed the importance of the "need to know" principle in our last study session, but I'm not sure which option best aligns with that.
upvoted 0 times
...
Rodney
5 months ago
I've got a strategy in mind. I'll need to set up the necessary permissions and access controls to meet the needs of each user, while also ensuring the "need to know" principle is upheld. Time to put my BigQuery IAM knowledge to the test!
upvoted 0 times
...
Annamae
5 months ago
Okay, let's see. I need to create an IAM design that grants the appropriate access for the business user, data engineer, and security operator. I'll need to review the access control options in BigQuery to determine the best approach.
upvoted 0 times
...
Alease
5 months ago
Hmm, I'm a bit unsure about this one. There are a few options that seem plausible, but I'll need to carefully consider the requirements for each user type.
upvoted 0 times
...
Shaniqua
5 months ago
This question seems straightforward. I think the key is to focus on the different user roles and their access needs.
upvoted 0 times
...
Arminda
5 months ago
Wait, we're not supposed to send sensitive data via email? That's news to me! Just kidding, C is the clear winner here.
upvoted 0 times
...
Nelida
5 months ago
D sounds interesting, but row-level access control might be overkill for this use case. I'd go with C as well.
upvoted 0 times
...
Mable
7 months ago
Haha, sending the data to their email? That's a security nightmare waiting to happen. C is definitely the way to go here.
upvoted 0 times
Marci
6 months ago
A) Configure data access log for BigQuery services, and grant Project Viewer role to security operators.
upvoted 0 times
...
...
Karon
7 months ago
A is a good start, but I think we need more granular control over who can access the sensitive data. C looks like the best solution to me.
upvoted 0 times
Freeman
6 months ago
A) Configure data access log for BigQuery services, and grant Project Viewer role to security operators.
upvoted 0 times
...
...
Dell
7 months ago
Option C seems like the way to go. Separating the curated data into a dedicated dataset and granting the appropriate roles is a clean and secure approach.
upvoted 0 times
Lorean
7 months ago
Definitely. It helps maintain data security and control access effectively.
upvoted 0 times
...
Taryn
7 months ago
That makes sense. It's important to ensure that the right users have access to the right data.
upvoted 0 times
...
Mindy
7 months ago
Option C seems like the way to go. Separating the curated data into a dedicated dataset and granting the appropriate roles is a clean and secure approach.
upvoted 0 times
...
...

Save Cancel