🔥 3-day streak
Professional Cloud Security Engineer143 / 152
Question 143 of 152

A financial services company stores sensitive customer data in BigQuery within a project named 'analytics-prod'. Security requires that data in this project cannot be exfiltrated to any Google Cloud resource outside the organization, even if an attacker obtains valid credentials. However, a separate project 'ml-training' (in the same organization) must be able to run authorized BigQuery jobs that read from 'analytics-prod'. What is the best way to meet both requirements?

Reviewed for accuracy · Report an issueNext question