As a Data Engineer, you are tasked with ensuring the security and privacy of customer data stored in Google BigQuery. Specifically, you need to encrypt the data and implement per-user crypto-deletion, allowing for the secure deletion of specific user data. Your goal is to leverage native Google Cloud features to achieve this, avoiding any bespoke or custom-built solutions. How should you proceed to meet these requirements?

Exam-Like

Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.

62.2%

Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.

13.5%

Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.

16.2%

Encrypt your data during ingestion by using a cryptographic library supported by your ETL pipeline.

8.1%

Google Professional Data Engineer