Google Cloud Associate Data Practitioner — Question 6

Your organization stores highly personal data in BigQuery and needs to comply with strict data privacy regulations. You need to ensure that sensitive data values are rendered unreadable whenever an employee leaves the organization. What should you do?

Answer options

• A. Use AEAD functions and delete keys when employees leave the organization.
• B. Use dynamic data masking and revoke viewer permissions when employees leave the organization.
• C. Use customer-managed encryption keys (CMEK) and delete keys when employees leave the organization.
• D. Use column-level access controls with policy tags and revoke viewer permissions when employees leave the organization.

Correct answer: A

Explanation

The correct answer is A because using AEAD functions allows for data to be encrypted in such a way that it becomes unreadable, and deleting the keys ensures that even if the data is accessed, it cannot be decrypted. Options B, C, and D either do not provide the necessary level of data protection for sensitive data or rely on methods that do not render the data unreadable upon key deletion.