Google Cloud Professional Data Engineer — Question 141

You are administering a BigQuery dataset that uses a customer-managed encryption key (CMEK). You need to share the dataset with a partner organization that does not have access to your CMEK. What should you do?

Answer options

• A. Provide the partner organization a copy of your CMEKs to decrypt the data.
• B. Export the tables to parquet files to a Cloud Storage bucket and grant the storageinsights.viewer role on the bucket to the partner organization.
• C. Copy the tables you need to share to a dataset without CMEKs. Create an Analytics Hub listing for this dataset.
• D. Create an authorized view that contains the CMEK to decrypt the data when accessed.

Correct answer: C

Explanation

The correct answer is C because copying the tables to a dataset without CMEKs allows the partner organization to access the data without needing the encryption keys. Options A and D involve sharing or using the CMEK, which the partner cannot access, making them invalid. Option B requires the partner to have access to the exported data in Cloud Storage, but it does not provide direct access to the dataset in BigQuery.