
Explanation:
The correct answer is A. Implementing Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery allows you to encrypt specific data fields using a unique key per user. By managing these keys outside of BigQuery, you can effectively revoke access to a user's key, making their data unreadable and achieving crypto-deletion. This approach utilizes native features in Google Cloud without requiring custom solutions.
As a Data Engineer, you are tasked with ensuring the security and privacy of customer data stored in Google BigQuery. Specifically, you need to encrypt the data and implement per-user crypto-deletion, allowing for the secure deletion of specific user data. Your goal is to leverage native Google Cloud features to achieve this, avoiding any bespoke or custom-built solutions. How should you proceed to meet these requirements?
A. Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
B. Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.
C. Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.
D. Encrypt your data during ingestion by using a cryptographic library supported by your ETL pipeline.