Exam Professional Data Engineer topic 1 question 16 discussion

Table access control is now possible in big query. However, before even checking table access control permission which is not set by the company as a formal security policy yet, we need to first understand by looking at the big query immutable audit logs as who is accessing what DAT sets and tables. Based on the information, access control policy at dataset and table level can be set. So the correct answer is A

A - need to check first who is accessing which table

Stackdriver Audit Logs is now called Cloud Audit logs. To secure a data warehouse, the first step is to understand how the datasets are being accessed and used. Cloud Audit logs can track data access as it provides a detailed log of all data access operations.

A is correct because this is the best way to get granular access to data showing which users are accessing which data. B is not correct because we already know that all users already have access to all data, so this information is unlikely to be useful. It will also not show what users have done, just what they can do. C is not correct because slot usage will not inform security policy. D is not correct because a billing account is typically shared among many people and will only show the amount of data queried and stored https://cloud.google.com/bigquery/docs/reference/auditlogs/#mapping-audit-entries-to-log-streams https://cloud.google.com/bigquery/docs/monitoring#slots-available

A. Use Google Stackdriver Audit Logs to review data access. Reviewing the audit logs provides visibility into who is accessing your data, when they are doing so, and what actions they are taking within BigQuery. This is crucial for understanding current data usage and potential security risks. Option B (getting the IAM policy of each table) is important but more focused on controlling access rather than discovering what everyone is currently doing. Option C (using Stackdriver Monitoring to see query slots usage) can help with monitoring and optimizing your BigQuery usage but doesn't provide a comprehensive view of what users are doing with the data. Option D (using the Google Cloud Billing API) is more related to tracking billing information rather than understanding what users are doing with the data.

To begin securing your data warehouse in Google BigQuery and gain insights into what everyone is doing with the datasets, the first step you should take is: A. Use Google Stackdriver Audit Logs to review data access. Reviewing the audit logs provides visibility into who is accessing your data, when they are doing so, and what actions they are taking within BigQuery. This is crucial for understanding current data usage and potential security risks. Option B (getting the IAM policy of each table) is important but more focused on controlling access rather than discovering what everyone is currently doing. Option C (using Stackdriver Monitoring to see query slots usage) can help with monitoring and optimizing your BigQuery usage but doesn't provide a comprehensive view of what users are doing with the data. Option D (using the Google Cloud Billing API) is more related to tracking billing information rather than understanding what users are doing with the data.

A. Use Google Stackdriver Audit Logs to review data access. In this scenario, you have been asked to secure the data warehouse in Google BigQuery. To do that, you first need to understand what everyone is doing with the data, i.e., who is accessing it and what actions they are performing. Google Stackdriver Audit Logs can provide you with a detailed record of all the data access and actions taken by users in Google BigQuery. It's like having a logbook that keeps track of who enters the library, which books they read, and what they do with the books. C just give how many people accessing the same dataset at given time C. Another tool you have is called "Stackdriver Monitoring." It helps you see how many people are using the library at the same time. It's like knowing how many readers are in the library at any given moment.

A - Since the question is to discover what everyone is doing. Also the question has indicated that no security policies have been implemented.

A. Use Google Stackdriver Audit Logs to review data access. Reviewing the audit logs provides visibility into who is accessing your data when they are doing so, and what actions they are taking within BigQuery. This is crucial for understanding current data usage and potential security risks.

A is the answer. But recently, I think Dataplex is used for data governance .

A. Use Google Stackdriver Audit Logs to review data access. Stackdriver Audit Logs provide detailed logs on who accessed what resources and when, including data in BigQuery. Reviewing these logs will give you insight into which users and service accounts are accessing datasets, what operations they are performing, and when these accesses occur. This would be a crucial first step in understanding current usage and subsequently in crafting a security policy.

Stackdriver audit logs is where we will view which datasets are being accessed by whom

In order to take a decision you need to analyze the access lofs

"Discover what everyone is doing" will happen through Audit logs, hence correct answer is A

"...to secure the data warehouse" is to list all tables/views/Mviews VS. who is accessing these objects. Slot info is not relevant.

A is correct.

Audit log ..logs activities against resources , is the best place to discover about activities against BQ