🔥 3-day streak
Professional Data Engineer169 / 169
Question 169 of 169

A healthcare analytics company stores regulated patient data in BigQuery and Cloud Storage. Their security team is concerned that a compromised service account or a misconfigured IAM binding could allow an insider to copy data to an external Google Cloud project outside the organization. They want a control that prevents data from being moved beyond a defined boundary, even if IAM permissions are inadvertently granted. Which approach best addresses this requirement?

Reviewed for accuracy · Report an issue