Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Data Engineer Topic 5 Question 92 Discussion

Actual exam question for Google's Professional Data Engineer exam
Question #: 92
Topic #: 5
[All Professional Data Engineer Questions]

You want to encrypt the customer data stored in BigQuery. You need to implement for-user crypto-deletion on data stored in your tables. You want to adopt native features in Google Cloud to avoid custom solutions. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

To implement for-user crypto-deletion and ensure that customer data stored in BigQuery is encrypted, using native Google Cloud features, the best approach is to use Customer-Managed Encryption Keys (CMEK) with Cloud Key Management Service (KMS). Here's why:

Customer-Managed Encryption Keys (CMEK):

CMEK allows you to manage your own encryption keys using Cloud KMS. These keys provide additional control over data access and encryption management.

Associating a CMEK with a BigQuery table ensures that data is encrypted with a key you manage.

For-User Crypto-Deletion:

For-user crypto-deletion can be achieved by disabling or destroying the CMEK. Once the key is disabled or destroyed, the data encrypted with that key cannot be decrypted, effectively rendering it unreadable.

Native Integration:

Using CMEK with BigQuery is a native feature, avoiding the need for custom encryption solutions. This simplifies the management and implementation of encryption and decryption processes.

Steps to Implement:

Create a CMEK in Cloud KMS:

Set up a new customer-managed encryption key in Cloud KMS.

Associate the CMEK with BigQuery Tables:

When creating a new table in BigQuery, specify the CMEK to be used for encryption.

This can be done through the BigQuery console, CLI, or API.


BigQuery and CMEK

Cloud KMS Documentation

Encrypting Data in BigQuery

Contribute your Thoughts:

Irma
2 months ago
I think option D is the most practical choice for our scenario.
upvoted 0 times
...
Naomi
2 months ago
I prefer option C, it provides better data protection.
upvoted 0 times
...
Nathalie
2 months ago
I disagree, option B seems more secure to me.
upvoted 0 times
...
Galen
3 months ago
I'm tempted to go with Option C, but then I'd have to remember the full name of that AEAD thing. Option B seems easier to remember.
upvoted 0 times
Adolph
2 months ago
I agree, let's go with Option B then.
upvoted 0 times
...
William
2 months ago
Yeah, it does seem easier to remember.
upvoted 0 times
...
Marguerita
2 months ago
I think Option B is the way to go.
upvoted 0 times
...
...
Shenika
3 months ago
I think we should go with option A.
upvoted 0 times
...
Aleisha
3 months ago
Option B all the way! Who doesn't love a good old-fashioned customer-managed encryption key?
upvoted 0 times
Ashlyn
2 months ago
C) Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
upvoted 0 times
...
Yesenia
2 months ago
A) That sounds like a secure option. Good choice!
upvoted 0 times
...
Janna
2 months ago
B) Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.
upvoted 0 times
...
Ngoc
3 months ago
A) Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.
upvoted 0 times
...
...
Terrilyn
3 months ago
Option D sounds like a lot of work. Why not just use the native BigQuery features like Option C suggests?
upvoted 0 times
Moira
2 months ago
I agree, let's go with Option C and implement Authenticated Encryption with Associated Data functions.
upvoted 0 times
...
Ciara
3 months ago
Option C sounds like a good idea. It would be easier to just use the native BigQuery features.
upvoted 0 times
...
...
Izetta
3 months ago
I'd go with Option A. Associating the key with the table during creation sounds like the simplest approach.
upvoted 0 times
...
Mollie
3 months ago
Option B seems like the way to go. Keeping the encryption key separate from the data is a good security practice.
upvoted 0 times
Louvenia
3 months ago
I agree. Using a customer-managed encryption key in Cloud KMS for encrypting data before storing in BigQuery is a secure approach.
upvoted 0 times
...
Abel
3 months ago
I think option B is the best choice. It's important to keep the encryption key separate from the data.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77