Answer-first summary for fast verification
Answer: Grant identity and access management (IAM) roles and permissions to principals.
The question specifically asks for granular and flexible authorization controls for reading data. Option C (Grant IAM roles and permissions to principals) directly addresses this requirement by providing fine-grained access control at the resource level (datasets, tables, buckets, objects) with customizable roles and the principle of least privilege. Option A (Deidentify sensitive fields) focuses on data protection rather than access control. Option B (Cloud EKM) and Option D (Server-side encryption) provide encryption but do not offer granular authorization management for reading data. The community discussion unanimously supports Option C with 100% consensus, emphasizing IAM's granular control, flexibility, and security alignment with the question's focus on authorization.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization has sensitive data stored in BigQuery and Cloud Storage. You need to design a solution that provides granular and flexible authorization controls for reading data. What should you do?
A
Deidentify sensitive fields within the dataset by using data leakage protection within the Sensitive Data Protection services.
B
Use Cloud External Key Manager (Cloud EKM) to encrypt the data in BigQuery and Cloud Storage.
C
Grant identity and access management (IAM) roles and permissions to principals.
D
Enable server-side encryption on the data in BigQuery and Cloud Storage.
No comments yet.