Google Professional Data Engineer
Get started today
Ultimate access to all questions.
You are responsible for managing a BigQuery dataset that is secured with a customer-managed encryption key (CMEK). You now need to grant access to this dataset to a partner organization that lacks access to your CMEK. How should you proceed to enable this sharing while maintaining data security?
You are responsible for managing a BigQuery dataset that is secured with a customer-managed encryption key (CMEK). You now need to grant access to this dataset to a partner organization that lacks access to your CMEK. How should you proceed to enable this sharing while maintaining data security?
Explanation:
The correct answer is C: Copy the tables you need to share to a dataset without CMEKs and create an Analytics Hub listing for this dataset. This approach allows you to share the data securely with the partner organization without exposing your customer-managed encryption keys. Providing the partner organization with a copy of your CMEKs (Option A) breaches key security. Exporting the tables to parquet files and granting access to the Cloud Storage bucket (Option B) does not address the encryption issue directly and may not maintain the data integrity and security as effectively. Creating an authorized view that contains the CMEK (Option D) is not a feasible solution as it risks unauthorized access to the encryption keys.