Google Exam Professional-Cloud-Security-Engineer Topic 4 Question 69 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 69
Topic #: 4

[All Professional Cloud Security Engineer Questions]

Your organization uses BigQuery to process highly sensitive, structured datasets. Following the "need to know" principle, you need to create the Identity and Access Management (IAM) design to meet the needs of these users:

* Business user must access curated reports.

* Data engineer: must administrate the data lifecycle in the platform.

* Security operator: must review user activity on the data platform.

What should you do?

AConfigure data access log for BigQuery services, and grant Project Viewer role to security operators.

BGenerate a CSV data file based on the business user's needs, and send the data to their email addresses.

CCreate curated tables in a separate dataset and assign the role roles/bigquery.dataViewer.

DSet row-based access control based on the 'region' column, and filter the record from the United States for data engineers.

Show Suggested Answer

Suggested Answer: C

This option directly addresses the needs of the business user who must access curated reports. By creating curated tables in a separate dataset, you can control access to specific data. Assigning the roles/bigquery.dataViewer role allows the business user to view the data in BigQuery.

by Jess at Dec 14, 2023, 12:02 PM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Security-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Florinda

10 days ago

I think option C is the way to go. It's the only one that really addresses all the requirements while maintaining the necessary security measures. Plus, it's the most straightforward solution - no need to get overly complex with things like row-level access control.

upvoted 0 times

...

Clemencia

11 days ago

Yeah, I'm leaning towards option C as well. The other options either involve too much risk or don't provide the level of control and granularity we need. I like how option C separates the datasets and assigns the appropriate roles.

upvoted 0 times

...

Laura

12 days ago

I agree with Janey. Option C seems like the most secure and user-friendly solution. Sending a CSV file to the business user's email would be a security risk, and the other options don't fully address the need-to-know principle.

upvoted 0 times

...

Janey

13 days ago

Hmm, this is a tricky question. I think the best approach is to go with option C. Creating curated tables in a separate dataset and assigning the role roles/bigquery.dataViewer seems like the most appropriate way to handle the requirement of the business user needing access to the reports.

upvoted 0 times

...