Answer: Create row-level access policies to restrict the result data when you run queries with the filter expression set to FALSE., Create column-level policy tags to control access to columns at query runtime.

The question requires restricting query access to specific rows and columns while blocking non-query operations. Option C (row-level access policies with filter expression set to FALSE) is correct because setting the filter to FALSE prevents non-query operations like data manipulation language (DML) operations, which aligns with the requirement that non-query operations should not be supported. Option E (column-level policy tags) is correct as it controls access to specific columns at query runtime using BigQuery's column-level security features. Option A is incorrect because setting the filter to TRUE would allow non-query operations. Option B (column-level encryption with AEAD) is less suitable as it focuses on encryption rather than direct access control and adds complexity. Option D (dynamic data masking) is not the optimal choice as it masks data rather than restricting access entirely, and BigQuery's primary method for column-level access control is through policy tags.

Author: LeetQuiz Editorial Team