Topic 1 Question 168
You work for a financial institution that lets customers register online. As new customers register, their user data is sent to Pub/Sub before being ingested into BigQuery. For security reasons, you decide to redact your customers' Government issued Identification Number while allowing customer service representatives to view the original values when necessary. What should you do?
Use BigQuery's built-in AEAD encryption to encrypt the SSN column. Save the keys to a new table that is only viewable by permissioned users.
Use BigQuery column-level security. Set the table permissions so that only members of the Customer Service user group can see the SSN column.
Before loading the data into BigQuery, use Cloud Data Loss Prevention (DLP) to replace input values with a cryptographic hash.
Before loading the data into BigQuery, use Cloud Data Loss Prevention (DLP) to replace input values with a cryptographic format-preserving encryption token.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: B
B. While C and D are intriguing, they don't specify how to enable customer service representatives to receive access to the encryption token.
👍 8AWSandeep2022/09/02 B is answer redact- hiding the column i will use bq ACL mask- i use DLP
👍 3Atnafu2022/12/16- 正解だと思う選択肢: D
D. The question does not say SSN data as a column, which might be a string just contains SSN. In this case, option A and B should be out since both them assumed SSN must be a column. Option C is out since hash function is one-way and can't revert back. So option D is the answer. There are couple similar questions in Security Engineer exam for this.
👍 3zanhsieh2023/02/02
シャッフルモード