You have a highly sensitive BigQuery workload that contains personally identifiable information (PII) that you want to ensure is not accessible from the internet. To prevent data exfiltration, only requests from authorized IP addresses are allowed to query your BigQuery tables.
What should you do?
To ensure that only requests from authorized IP addresses can query your BigQuery tables and prevent data exfiltration, using a service perimeter and creating an access level based on the authorized source IP address as the condition is the best approach. This allows you to create a boundary that controls access to Google Cloud resources for services within the same perimeter, ensuring sensitive data is not accessible from the internet.
A is the correct.
Option A is correct
I think its A.
The best option would be A. Use service perimeter and create an access level based on the authorized source IP address as the condition. This approach allows you to create a boundary that controls access to Google Cloud resources for services within the same perimeter. By creating an access level based on the authorized source IP address as the condition, you can ensure that only requests from authorized IP addresses are allowed to query your BigQuery tables. This effectively prevents data exfiltration and ensures that your sensitive BigQuery workload is not accessible from the internet.
A and B will work, but A in better in my opinion
A is the correct one.