SnowPro Advanced: Architect — Question 193

A company has a call center that processes sensitive Personally Identifiable Information (PII) and Protected Health Information (PHI). The company wants to implement the following security features:

• Object owners and users with privileged roles should have access to columns that contain sensitive data.
• Data loaded in pre-tokenized form should be de-tokenized at query time.

What should be used to meet these requirements? (Choose two.)

Answer options

• A. Object tagging
• B. Materialized views
• C. External tokenization
• D. Dynamic Data Masking
• E. Role-Based Access Control (RBAC)

Correct answer: C, D

Explanation

The correct answers are C and D because External tokenization allows for the de-tokenization of pre-tokenized data at query time, which meets the requirement of processing sensitive information securely. Dynamic Data Masking helps control access to sensitive data based on user roles, ensuring that only authorized users can view the actual data. The other options do not directly address both requirements effectively.