Government regulations in the banking industry mandate the protection of clients' personally identifiable information (PII). Your company requires PII to be access controlled, encrypted, and compliant with major data protection standards. In addition to using Cloud Data Loss Prevention (Cloud DLP), you want to follow
Google-recommended practices and use service accounts to control access to PII. What should you do?

A. Assign the required Identity and Access Management (IAM) roles to every employee, and create a single service account to access project resources. B. Use one service account to access a Cloud SQL database, and use separate service accounts for each human user. C. Use Cloud Storage to comply with major data protection standards. Use one service account shared by all users. D. Use Cloud Storage to comply with major data protection standards. Use multiple service accounts attached to IAM groups to grant the appropriate access to each group.