Answer-first summary for fast verification
Answer: Create a pseudonym by replacing PII data with a cryptographic format-preserving token.
The correct approach is to create a pseudonym by replacing PII data with a cryptographic format-preserving token. This method ensures that sensitive information is securely masked while maintaining the data's original format, crucial for referential integrity and the use of names and emails as join keys. Other options either compromise security by storing unredacted data, lack the necessary format preservation for referential integrity, or do not proactively address data masking before storage.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
In the context of building a real-time prediction engine that processes files potentially containing Personally Identifiable Information (PII) into Cloud Storage and then into BigQuery, how can the Cloud Data Loss Prevention API (DLP API) be effectively used to mask sensitive data while preserving referential integrity, especially when names and emails serve as common join keys?
A
Scan every table in BigQuery, and mask the data it finds that has PII.
B
Redact all PII data, and store a version of the unredacted data in a locked-down bucket.
C
Create a pseudonym by replacing the PII data with cryptogenic tokens, and store the non-tokenized data in a locked-down bucket.
D
Create a pseudonym by replacing PII data with a cryptographic format-preserving token.