You have a BigQuery workload containing sensitive personally identifiable information (PII) that must not be accessible from the internet. To prevent data exfiltration, you need to ensure only queries from authorized IP addresses can access your BigQuery tables.

What should you do?

Exam-Like

Use service perimeter and create an access level based on the authorized source IP address as the condition.

Use Google Cloud Armor security policies defining an allowlist of authorized IP addresses at the global HTTPS load balancer.

Use the Restrict Resource Service Usage organization policy constraint along with Cloud Data Loss Prevention (DLP).

Use the Restrict allowed Google Cloud APIs and services organization policy constraint along with Cloud Data Loss Prevention (DLP).

Google Professional Cloud Security Engineer