GCP Professional Cloud Security Engineer Practice Question
Your security team must let an external analytics vendor query a BigQuery table to generate daily reports. The table contains several columns marked as confidential that the vendor must never see. The solution must enforce least-privilege, avoid exporting or copying data, and allow the vendor to keep using standard SQL tools through BigQuery for the next 30 days. Which approach best satisfies these requirements?
Copy the table into a new dataset that omits the confidential columns and give the vendor the BigQuery Data Viewer role on that dataset.
Export the required columns to Cloud Storage each night and share the objects through signed URLs that expire after 30 days.
Apply BigQuery column-level security tags to the confidential columns and grant the vendor BigQuery Data Viewer on the source dataset.
Create an authorized view that selects only the required fields and grant the vendor the BigQuery Data Viewer role on the view.
Authorized views publish the results of a query as a logical table. By creating a view that selects only the columns the vendor needs and granting the vendor the BigQuery Data Viewer role on that view, the vendor can issue standard SQL queries while BigQuery blocks any direct access to the underlying table and its confidential columns. Column-level security would still require granting the vendor read access to the entire table, allowing visibility of every non-tagged column-more access than necessary. Exporting the data produces additional copies in Cloud Storage that must be secured and managed, contrary to the requirement to avoid exports. Copying the table to another dataset would create a full duplicate that increases storage cost and does not by itself prevent the data from being further shared, so it is not the optimal least-privilege approach.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an authorized view in BigQuery?
Open an interactive chat with Bash
How does column-level security differ from authorized views in BigQuery?
Open an interactive chat with Bash
Why is exporting data to Cloud Storage not recommended in this case?
Open an interactive chat with Bash
What is an authorized view in BigQuery?
Open an interactive chat with Bash
Why is column-level security insufficient in this scenario?
Open an interactive chat with Bash
What are the risks of exporting data to Cloud Storage in this scenario?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .