Google Cloud Professional Cloud Security Engineer — Question 50
Your company wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need to join user information in the company's banking app with customers' credit score data received from a third party. While using this raw data will allow you to complete this task, it exposes sensitive data, which could be propagated into new systems.
This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?
Answer options
- A. Deterministic encryption
- B. Secure, key-based hashes
- C. Format-preserving encryption
- D. Cryptographic hashing
Correct answer: A
Explanation
Deterministic encryption is the correct choice because the same input always produces the same output, which is essential for maintaining referential integrity while protecting sensitive data. Secure, key-based hashes and cryptographic hashing are one-way, so they do not allow the reversible transformations needed for data integrity checks, and format-preserving encryption does not necessarily provide the same level of security and data handling required here.