Topic 1 Question 238
You want to encrypt the customer data stored in BigQuery. You need to implement per-user crypto-deletion on data stored in your tables. You want to adopt native features in Google Cloud to avoid custom solutions. What should you do?
Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.
Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.
Encrypt your data during ingestion by using a cryptographic library supported by your ETL pipeline.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: A
- AEAD cryptographic functions in BigQuery allow for encryption and decryption of data at the column level.
- You can encrypt specific data fields using a unique key per user and manage these keys outside of BigQuery (for example, in your application or using a key management system).
- By "deleting" or revoking access to the key for a specific user, you effectively make their data unreadable, achieving crypto-deletion.
- This method provides fine-grained encryption control but requires careful key management and integration with your applications.
👍 2raaad2024/01/04 - 正解だと思う選択肢: A
A. Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
👍 1scaenruy2024/01/03
シャッフルモード