Explanation:
The question specifically asks for granular and flexible authorization controls for reading data. Option C (Grant IAM roles and permissions to principals) directly addresses this requirement by providing fine-grained access control at the resource level (datasets, tables, buckets, objects) with customizable roles and the principle of least privilege. Option A (Deidentify sensitive fields) focuses on data protection rather than access control. Option B (Cloud EKM) and Option D (Server-side encryption) provide encryption but do not offer granular authorization management for reading data. The community discussion unanimously supports Option C with 100% consensus, emphasizing IAM's granular control, flexibility, and security alignment with the question's focus on authorization.
Ultimate access to all questions.
Your organization has sensitive data stored in BigQuery and Cloud Storage. You need to design a solution that provides granular and flexible authorization controls for reading data. What should you do?
A
Deidentify sensitive fields within the dataset by using data leakage protection within the Sensitive Data Protection services.
B
Use Cloud External Key Manager (Cloud EKM) to encrypt the data in BigQuery and Cloud Storage.
C
Grant identity and access management (IAM) roles and permissions to principals.
D
Enable server-side encryption on the data in BigQuery and Cloud Storage.
No comments yet.