Answer-first summary for fast verification
Answer: Store data within BigQuery in a specified region by using dataset location configuration. Use authorized views and row-level security to enforce geographic access restrictions. Encrypt data within BigQuery tables by using customer-managed encryption keys (CMEK).
Option D is the correct answer because it directly addresses all key requirements: (1) BigQuery is specifically designed for large-scale data analysis and visualization, making it optimal for processing location data; (2) Configuring dataset location ensures data residency compliance; (3) Authorized views and row-level security provide fine-grained access control to minimize data exposure; (4) Customer-managed encryption keys (CMEK) offer enhanced security control. The community discussion strongly supports D (100% consensus) with key insights that 'analysis of data typically = BQ required' and that BigQuery is 'the best data store for analysis and visualization.' Other options are less suitable: A focuses on Compute Engine rather than analytics platforms; B's global storage contradicts data residency requirements; C's regional Cloud Storage is better for storage but not optimized for large-scale analytics like BigQuery.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization processes large volumes of potentially sensitive location data in Google Cloud for analysis and visualization. You need to design a solution for securely storing and processing this data that minimizes exposure risks and complies with regulatory requirements and internal data residency policies. What should you do?
A
Enable location restrictions on Compute Engine instances and virtual disk resources where the data is handled. Apply labels to tag geographic metadata for all stored data.
B
Use the Cloud Data Loss Prevention (Cloud DLP) API to scan for sensitive location data before any storage or processing. Create Cloud Storage buckets with global availability for optimal performance, relying on Cloud DLP results to filter and control data access.
C
Create regional Cloud Storage buckets with Object Lifecycle Management policies that limit data lifetime. Enable fine-grained access controls by using IAM conditions. Encrypt data with customer-managed encryption keys (CMEK) generated within specific Cloud KMS key locations.
D
Store data within BigQuery in a specified region by using dataset location configuration. Use authorized views and row-level security to enforce geographic access restrictions. Encrypt data within BigQuery tables by using customer-managed encryption keys (CMEK).