Exam Professional Cloud Security Engineer topic 1 question 234 discussion

Correction. The most correct answer would be C. Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer. This option directly addresses the needs of the business user who must access curated reports. By creating curated tables in a separate dataset, you can control access to specific data. Assigning the roles/bigquery.dataViewer role allows the business user to view the data in BigQuery. While option A is also a good practice for a security operator, it doesn’t directly address the specific needs of the users mentioned in the question as effectively as option C does. Therefore, if you can only choose one answer, option C would be the most correct.

C. Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer.

Answer C: Data Access audit logs—except for BigQuery Data Access audit logs—are disabled by default because audit logs can be quite large.

A is the correct!

Option A (data access logs and Project Viewer for security) offers a simpler path to achieve "need to know" for business users and data engineers while providing the security operator with visibility into user activity.

Sorry I wanted to vote for A

Both Option A and Option C can be effective for different reasons. Option A offers simplicity and aligns with "need to know" for most users, while Option C provides more granular control over data access but requires additional configuration.

A. Configure data access log for BigQuery services, and grant Project Viewer role to security operator. This allows the security operator to review user activity on the data platform. C. Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer. This allows the business user to access curated reports. The data engineer can administrate the data lifecycle in the platform.