Topic 1 Question 250
Your company's data platform ingests CSV file dumps of booking and user profile data from upstream sources into Cloud Storage. The data analyst team wants to join these datasets on the email field available in both the datasets to perform analysis. However, personally identifiable information (PII) should not be accessible to the analysts. You need to de-identify the email field in both the datasets before loading them into BigQuery for analysts. What should you do?
- Create a pipeline to de-identify the email field by using recordTransformations in Cloud Data Loss Prevention (Cloud DLP) with masking as the de-identification transformations type.
- Load the booking and user profile data into a BigQuery table.
- Create a pipeline to de-identify the email field by using recordTransformations in Cloud DLP with format-preserving encryption with FFX as the de-identification transformation type.
- Load the booking and user profile data into a BigQuery table.
- Load the CSV files from Cloud Storage into a BigQuery table, and enable dynamic data masking.
- Create a policy tag with the email mask as the data masking rule.
- Assign the policy to the email field in both tables. A
- Assign the Identity and Access Management bigquerydatapolicy.maskedReader role for the BigQuery tables to the analysts.
- Load the CSV files from Cloud Storage into a BigQuery table, and enable dynamic data masking.
- Create a policy tag with the default masking value as the data masking rule.
- Assign the policy to the email field in both tables.
- Assign the Identity and Access Management bigquerydatapolicy.maskedReader role for the BigQuery tables to the analysts
ユーザの投票
コメント(6)
As it states "You need to de-identify the email field in both the datasets before loading them into BigQuery for analysts" data masking should not be an option as the data would stored unmasked in BigQuery?
👍 2Smakyel792024/01/07- 正解だと思う選択肢: D
D. 1. Load the CSV files from Cloud Storage into a BigQuery table, and enable dynamic data masking. 2. Create a policy tag with the default masking value as the data masking rule. 3. Assign the policy to the email field in both tables. 4. Assign the Identity and Access Management bigquerydatapolicy.maskedReader role for the BigQuery tables to the analysts
👍 1scaenruy2024/01/03 - 正解だと思う選択肢: C
- The reason option C works well is that dynamic data masking in BigQuery allows the underlying data to remain unaltered (thus preserving the ability to join on this field), while also preventing analysts from viewing the actual PII.
- The analysts can query and join the data as needed for their analysis, but when they access the data, the email field will be masked according to the policy tag, and they will only see the masked version.
👍 1raaad2024/01/04
シャッフルモード