Free Google Professional Data Engineer Actual Exam Questions - Question 14 Discussion
names and addresses. You need to share the customer data with your data analytics and consumer
support teams securely. The data analytics team needs to access the data of all the customers, but
must not be able to access the sensitive dat
a. The consumer support team needs access to all data columns, but must not be able to access
customers that no longer have active contracts. You enforced these requirements by using an
authorized dataset and policy tags After implementing these steps, the data analytics team reports
that they still have access to the sensitive columns. You need to ensure that the data analytics team
does not have access to restricted data What should you do?
Choose 2 answers
D Exporting logs with an aggregated sink to one project makes it simpler to control access strictly for audit personnel and ensures compliance uniformly across all projects.
Makes sense to go with D since aggregated export sinks collect logs from all projects in one place, making it easier to control access and meet retention rules. D.
C vs D? Both create a separate project for audit logs, which isolates access well. But D uses aggregated export, so it covers all projects automatically—less manual setup and better for compliance.
D is better for centralized control and meeting the 6-month retention policy.
Reject B, exporting to analysts’ buckets risks exposing logs to them.
D, since centralized export makes managing audit access easier across projects.
Seen questions about restricting audit log access before, but this one’s tricky since it’s about multiple projects and keeping logs secure. Why not a project-level export sink? But then again, an aggregated sink might centralize better. Wonder if they want centralized control or not.