🔥 3-day streak
Professional Cloud Architect168 / 169
Question 168 of 169

A financial services company stores sensitive customer records in BigQuery and Cloud Storage. A recent risk assessment found that although IAM permissions are tightly scoped, an insider with legitimate read access could copy data to a personal Google Cloud project or exfiltrate it to an external service. Leadership wants to guarantee that data cannot leave the organization's approved projects, even when accessed by users who hold valid IAM roles. Which control best addresses this requirement?

Reviewed for accuracy · Report an issueNext question