Answer-first summary for fast verification
Answer: Deterministic encryption
The question requires a cryptographic token format for de-identification and tokenization with Cloud DLP that maintains referential integrity across the database. Referential integrity ensures that relationships between data records are preserved, allowing joins across systems. Deterministic encryption (A) is the optimal choice because it consistently produces the same encrypted output (token) for the same input value, enabling reliable joins while protecting sensitive data. Although format-preserving encryption (C) also maintains referential integrity and preserves data format, the community discussion and Google's documentation (e.g., the referenced blog post) emphasize deterministic encryption as the recommended method for tokenization use cases unless strict format preservation is required. Cryptographic hashing (D) is not reversible, which may limit usability if re-identification is needed, and secure key-based hashes (B) are not a standard DLP transformation method. The consensus from highly upvoted comments (e.g., mT3 with 11 upvotes) supports A, citing Google's guidance on tokenization for maintaining referential integrity without character-set limitations.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company aims to develop products to help customers improve their credit scores based on age range. This requires joining user information from the company's banking app with customer credit score data from a third party. Using this raw data exposes sensitive information that could propagate into new systems. You must mitigate this risk by implementing de-identification and tokenization with Cloud Data Loss Prevention while preserving referential integrity across the database. Which cryptographic token format should you use to meet these requirements?
A
Deterministic encryption
B
Secure, key-based hashes
C
Format-preserving encryption
D
Cryptographic hashing
No comments yet.