Your organization has sensitive data stored in BigQuery and Cloud Storage. You need to design a solution that provides granular and flexible control authorization to read data. What should you do?
A.
Deidentify sensitive fields within the dataset by using data leakage protection within the Sensitive Data Protection services.
B.
Use Cloud External Key Manager (Cloud EKM) to encrypt the data in BigQuery and Cloud Storage.
C.
Grant identity and access management (IAM) roles and permissions to principals.
D.
Enable server-side encryption on the data in BigQuery and Cloud Storage.
Why Option C:
Granular Control: IAM roles and permissions allow you to specify exactly who can access which resources, down to the level of individual datasets or tables.
Flexibility: You can create custom roles and assign them to specific users, groups, or service accounts, tailoring access to your organization's needs.
Security: By using IAM, you can enforce the principle of least privilege, ensuring that users have only the permissions they need.
IAM roles and permissions provide the most comprehensive solution for managing access to sensitive data in BigQuery and Cloud Storage.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Pime13
4 months, 3 weeks agoyokoyan
7 months, 3 weeks ago