Google Cloud Professional Cloud Security Engineer — Question 316

Your team maintains 1PB of sensitive data within BigOuery that contains personally identifiable information (PII). You need to provide access to this dataset to another team within your organization for analysis purposes. You must share the BigQuery dataset with the other team while protecting the PII. What should you do?

Answer options

• A. Utilize BigQuery's row-level access policies to mask PII columns based on the other team's user identities.
• B. Export the BigQuery dataset to Cloud Storage. Create a VPC Service Control perimeter and allow only their team's project access to the bucket.
• C. Implement data pseudonymization techniques to replace the PII fields with non-identifiable values. Grant the other team access to the pseudonymized dataset.
• D. Create a filtered copy of the dataset and replace the sensitive data with hash values in a separate project. Grant the other team access to this new project.

Correct answer: C

Explanation

The correct answer is C because implementing data pseudonymization techniques allows you to protect personally identifiable information while still providing the necessary data for analysis. The other options either do not sufficiently protect the PII or involve unnecessary complexity that may not fully secure the sensitive data.