Question 168

You work for a financial institution that lets customers register online. As new customers register, their user data is sent to Pub/Sub before being ingested into BigQuery. For security reasons, you decide to redact your customers' government-issued identification number while allowing customer service representatives to view the original values when necessary. What should you do?

  • A. Use BigQuery's built-in AEAD encryption to encrypt the SSN column. Save the keys to a new table that is only viewable by permissioned users.
  • B. Use BigQuery column-level security. Set the table permissions so that only members of the Customer Service user group can see the SSN column.
  • C. Before loading the data into BigQuery, use Cloud Data Loss Prevention (DLP) to replace input values with a cryptographic hash.
  • D. Before loading the data into BigQuery, use Cloud Data Loss Prevention (DLP) to replace input values with a cryptographic format-preserving encryption token.

DLP allows redacting sensitive PII like SSNs before loading into BigQuery. This provides security by default for the raw SSN values.

Using format-preserving encryption keeps the column format intact while still encrypting, allowing business logic relying on SSN format to continue functioning. The encrypted tokens can be reversed to view original SSNs when required, meeting the access requirement for customer service reps.