Google Cloud Professional Data Engineer — Question 252

Your organization stores highly personal data in BigQuery and needs to comply with strict data privacy regulations. You need to ensure that sensitive data values are rendered unreadable whenever an employee leaves the organization. What should you do?

Answer options

• A. Use column-level access controls with policy tags and revoke viewer permissions when employees leave the organization.
• B. Use dynamic data masking and revoke viewer permissions when employees leave the organization.
• C. Use customer-managed encryption keys (CMEK) and delete keys when employees leave the organization.
• D. Use AEAD functions and delete keys when employees leave the organization.

Correct answer: D

Explanation

The correct answer is D because AEAD (Authenticated Encryption with Associated Data) functions allow you to encrypt data in such a way that it remains secure and can be rendered unreadable by deleting the keys when an employee leaves. Options A and B do not focus on rendering data unreadable; they only manage access controls. Option C, while it employs encryption, does not specifically leverage the benefits of AEAD functions for ensuring data privacy upon employee departure.