Answer-first summary for fast verification
Answer: Load data into a different dataset for each client., Restrict a client's dataset to approved users., Use the appropriate identity and access management (IAM) roles for each client's users.
## Explanation This question addresses data isolation and access control in Google BigQuery for multi-tenant environments. Here's why options B, D, and F are correct: ### **B. Load data into a different dataset for each client** - **Logical Separation**: Creating separate datasets for each client provides logical isolation at the dataset level - **Access Control**: Datasets in BigQuery can have independent access controls and permissions - **Organization**: This approach maintains clean data organization and prevents accidental cross-client data access ### **D. Restrict a client's dataset to approved users** - **Principle of Least Privilege**: Only authorized users should have access to specific client data - **User-Level Security**: Ensures that individual users can only access datasets they are explicitly permitted to - **Audit Trail**: Makes it easier to track and monitor who has access to which client's data ### **F. Use the appropriate identity and access management (IAM) roles for each client's users** - **Granular Permissions**: IAM roles allow fine-grained control over what actions users can perform - **Role-Based Access**: Different roles (viewer, editor, admin) can be assigned based on user needs - **Centralized Management**: IAM provides a centralized way to manage access across Google Cloud services ### **Why other options are incorrect:** - **A. Load data into different partitions**: Partitions are for data organization within a table, not for security isolation between clients - **C. Put each client's BigQuery dataset into a different table**: This is redundant since datasets already contain tables; the proper approach is dataset-level separation - **E. Only allow a service account to access the datasets**: This is too restrictive and doesn't allow for the direct query access that clients need for their analytics tools This approach ensures proper data isolation while maintaining the flexibility clients need for their analytics workflows.
Author: LeetQuiz .
Ultimate access to all questions.
No comments yet.
NO.32 Your company handles data processing for a number of different clients. Each client prefers to use their own suite of analytics tools, with some allowing direct query access via Google BigQuery. You need to secure the data so that clients cannot see each other's data. You want to ensure appropriate access to the data. Which three steps should you take? (Choose three.)
A
Load data into different partitions.
B
Load data into a different dataset for each client.
C
Put each client's BigQuery dataset into a different table.
D
Restrict a client's dataset to approved users.
E
Only allow a service account to access the datasets.
F
Use the appropriate identity and access management (IAM) roles for each client's users.