GCP Professional Data Engineer Practice Question

A financial services company runs its analytics platform on Google Cloud. Security architects set these requirements: all BigQuery tables containing customer PII must reside only in EU regions; business analysts can run aggregate queries but must never see raw email or phone columns; a Dataflow pipeline service account should have only the permissions required to insert new partitions into the same tables. Which design best satisfies all requirements while following the principle of least privilege?

Load PII into a US multi-regional dataset after redacting email and phone fields with Cloud DLP; give analysts bigquery.jobUser on the project and bigquery.dataViewer on the dataset; grant the Dataflow service account bigquery.dataEditor.
Place the tables in the EU multi-regional location and label sensitive columns with Data Catalog policy tags; give analysts bigquery.dataViewer on the raw dataset and bigquery.tagUser on the tags, and give the Dataflow service account bigquery.dataOwner on the dataset.
Create a raw dataset in europe-west1 and apply the gcp.resourceLocations organization policy to EU regions. Publish an authorized view that provides only aggregated results and share that view with the analyst group. Grant the analysts bigquery.dataViewer on the dataset that houses the view and bigquery.jobUser on the project. Grant the Dataflow service account bigquery.dataEditor on the raw dataset.
Replicate the dataset to europe-west1 and give analysts access through BigQuery column-level security by assigning them the bigquery.policyTagAccessor role; omit any organization policy, and grant the Dataflow service account bigquery.dataOwner on the dataset.

Report Issue

Answer Description

Storing the raw tables in a single-region EU dataset (for example europe-west1) keeps data physically in the EU. Enforcing the organization policy constraint gcp.resourceLocations ensures no one can accidentally create resources outside approved EU regions. An authorized view can expose only aggregated results, so analysts can run their queries without gaining direct access to the sensitive columns. Granting analysts bigquery.dataViewer on the dataset that contains the views plus bigquery.jobUser on the project lets them execute queries but not modify data. The Dataflow pipeline needs to load and overwrite table partitions, so bigquery.dataEditor on the raw dataset is sufficient-there is no need for broader Owner privileges. The other options either do not restrict residency to the EU, expose raw columns through insufficient controls, or assign overly broad IAM roles.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.