試験Associate-Data-Practitioner トピック2 問題14 スレッド

Google Associate-Data-Practitionerのリアル試験問題集
問題 #: 14
トピック #: 2
You are designing an application that will interact with several BigQuery datasets. You need to grant the application's service account permissions that allow it to query and update tables within the datasets, and list all datasets in a project within your application. You want to follow the principle of least privilege. Which pre- defined IAM role(s) should you apply to the service account?

おすすめの解答:A 解答を投票する

* roles/bigquery.jobUser:
* This role allows a user or service account to run BigQuery jobs, including queries. This is necessary for the application to interact with and query the tables.
* From Google Cloud documentation: "BigQuery Job User can run BigQuery jobs, including queries, load jobs, export jobs, and copy jobs."
* roles/bigquery.dataOwner:
* This role grants full control over BigQuery datasets and tables. It allows the service account to update tables, which is a requirement of the application.
* From Google Cloud documentation: "BigQuery Data Owner can create, delete, and modify BigQuery datasets and tables. BigQuery Data Owner can also view data and run queries."
* Why other options are incorrect:
* B. roles/bigquery.connectionUser and roles/bigquery.dataViewer:
* roles/bigquery.connectionUser is used for external connections, which is not required for this task. roles/bigquery.dataViewer only allows viewing data, not updating it.
* C. roles/bigquery.admin:
* roles/bigquery.admin grants excessive permissions. Following the principle of least privilege, this role is too broad.
* D. roles/bigquery.user and roles/bigquery.filteredDataViewer:
* roles/bigquery.user grants the ability to run queries, but not the ability to modify data. roles
/bigquery.filteredDataViewer only provides permission to view filtered data, which is not sufficient for updating tables.
* Principle of Least Privilege:
* The principle of least privilege is a security concept that states that a user or service account should be granted only the permissions necessary to perform its intended tasks.
* By assigning roles/bigquery.jobUser and roles/bigquery.dataOwner, we provide the application with the exact permissions it needs without granting unnecessary access.
* Google Cloud Documentation References:
* BigQuery IAM roles:https://cloud.google.com/bigquery/docs/access-control-basic-roles
* IAM best practices:https://cloud.google.com/iam/docs/best-practices-for-using-iam

一鹰** 2026-07-12 12:24:14

コメント

正解:
?」こちらは投票コメントになっております。普通のコメントに切り替えます。
ニックネーム: 送信 キャンセル
投票コメントをあげるごとに、選択した解答の投票数を1つ増やすことができます。

他人の解答コメントを賛成するのも、その解答に一票を入れることになります。したがって、すでに同じ意見の投票コメントが存在する場合、新規コメントをする代わりに賛成することもできます。

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡