Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Cloud Security Engineer Topic 4 Question 69 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 69
Topic #: 4
[All Professional Cloud Security Engineer Questions]

Your organization uses BigQuery to process highly sensitive, structured datasets. Following the "need to know" principle, you need to create the Identity and Access Management (IAM) design to meet the needs of these users:

* Business user must access curated reports.

* Data engineer: must administrate the data lifecycle in the platform.

* Security operator: must review user activity on the data platform.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

This option directly addresses the needs of the business user who must access curated reports. By creating curated tables in a separate dataset, you can control access to specific data. Assigning the roles/bigquery.dataViewer role allows the business user to view the data in BigQuery.


Contribute your Thoughts:

Florinda
8 months ago
I think option C is the way to go. It's the only one that really addresses all the requirements while maintaining the necessary security measures. Plus, it's the most straightforward solution - no need to get overly complex with things like row-level access control.
upvoted 0 times
...
Clemencia
8 months ago
Yeah, I'm leaning towards option C as well. The other options either involve too much risk or don't provide the level of control and granularity we need. I like how option C separates the datasets and assigns the appropriate roles.
upvoted 0 times
...
Laura
8 months ago
I agree with Janey. Option C seems like the most secure and user-friendly solution. Sending a CSV file to the business user's email would be a security risk, and the other options don't fully address the need-to-know principle.
upvoted 0 times
...
Janey
8 months ago
Hmm, this is a tricky question. I think the best approach is to go with option C. Creating curated tables in a separate dataset and assigning the role roles/bigquery.dataViewer seems like the most appropriate way to handle the requirement of the business user needing access to the reports.
upvoted 0 times
Tresa
7 months ago
Great, I think we have a good plan now with options C, D, and A.
upvoted 0 times
...
Cherry
7 months ago
Yes, that way they can review user activity on the platform.
upvoted 0 times
...
Nydia
8 months ago
That makes sense. And for the security operator, maybe option A for data access log?
upvoted 0 times
...
Nikita
8 months ago
For the data engineer, maybe we should go with option D for row-based access control.
upvoted 0 times
...
Stacey
8 months ago
But what about the data engineer and security operator requirements?
upvoted 0 times
...
Han
8 months ago
I agree, separating the curated tables seems like a good idea.
upvoted 0 times
...
Dong
8 months ago
Option C sounds like the best choice.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77