Answer-first summary for fast verification
Answer: Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
Correct answer is **C**. Authenticated Encryption with Associated Data (AEAD) provides both encryption and authentication, ensuring data confidentiality and integrity. Using AEAD functions in BigQuery allows for encrypting customer data and implementing per-user crypto-deletion by securely managing keys. This method utilizes Google Cloud's native features, avoiding the need for custom solutions. Why the other options are incorrect: - **A**: Encrypting data during ingestion with a cryptographic library does not efficiently enable per-user crypto-deletion in BigQuery and may introduce complexity and security risks. - **B**: Using a CMEK to encrypt data before storing it in BigQuery does not offer the functionality needed for per-user crypto-deletion. - **D**: Associating a CMEK with a table at creation does not directly address the requirement for per-user crypto-deletion in BigQuery.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To enhance data security, you need to encrypt customer data stored in BigQuery and implement per-user crypto-deletion. How can you use Google Cloud's native features to achieve per-user crypto-deletion for encrypted data in BigQuery?
A
Encrypt your data during ingestion by using a cryptographic library supported by your ETL pipeline.
B
Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.
C
Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
D
Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.
No comments yet.