Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Data Engineer Exam - Topic 5 Question 92 Discussion

Actual exam question for Google's Professional Data Engineer exam
Question #: 92
Topic #: 5
[All Professional Data Engineer Questions]

You want to encrypt the customer data stored in BigQuery. You need to implement for-user crypto-deletion on data stored in your tables. You want to adopt native features in Google Cloud to avoid custom solutions. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

To implement for-user crypto-deletion and ensure that customer data stored in BigQuery is encrypted, using native Google Cloud features, the best approach is to use Customer-Managed Encryption Keys (CMEK) with Cloud Key Management Service (KMS). Here's why:

Customer-Managed Encryption Keys (CMEK):

CMEK allows you to manage your own encryption keys using Cloud KMS. These keys provide additional control over data access and encryption management.

Associating a CMEK with a BigQuery table ensures that data is encrypted with a key you manage.

For-User Crypto-Deletion:

For-user crypto-deletion can be achieved by disabling or destroying the CMEK. Once the key is disabled or destroyed, the data encrypted with that key cannot be decrypted, effectively rendering it unreadable.

Native Integration:

Using CMEK with BigQuery is a native feature, avoiding the need for custom encryption solutions. This simplifies the management and implementation of encryption and decryption processes.

Steps to Implement:

Create a CMEK in Cloud KMS:

Set up a new customer-managed encryption key in Cloud KMS.

Associate the CMEK with BigQuery Tables:

When creating a new table in BigQuery, specify the CMEK to be used for encryption.

This can be done through the BigQuery console, CLI, or API.


BigQuery and CMEK

Cloud KMS Documentation

Encrypting Data in BigQuery

by Hoa at Sep 09, 2024, 07:58 PM

Limited Time Offer

25%

Off

Get Premium Professional Data Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Christa
4 months ago
B seems more straightforward, but I guess it depends on your use case.
upvoted 0 times
...
Tamra
4 months ago
Definitely A! Associating keys at table creation is smart.
upvoted 0 times
...
Nickolas
4 months ago
Wait, can you really manage your own keys like that? Sounds risky!
upvoted 0 times
...
Blythe
4 months ago
I think option C is interesting, but not sure if it's the best fit.
upvoted 0 times
...
Candra
4 months ago
CMEK is the way to go for encryption in BigQuery!
upvoted 0 times
...
Santos
5 months ago
I’m leaning towards option A because it mentions associating the key with the table, which seems like a direct way to handle encryption in BigQuery.
upvoted 0 times
...
Jenelle
5 months ago
I feel like I saw a question similar to this where CMEK was mentioned, but I can't remember if it was about associating it with the table or encrypting data first.
upvoted 0 times
...
Alpha
5 months ago
I think option C sounds familiar; I practiced with AEAD functions, but I can't recall if they are the best fit for crypto-deletion.
upvoted 0 times
...
Garry
5 months ago
I remember something about CMEK being important for managing encryption keys, but I'm not sure if it should be associated with the table or used beforehand.
upvoted 0 times
...
Sarina
5 months ago
I think I'd go with option D - encrypting the data during ingestion. That way, we can use a crypto library that we're already familiar with and integrate it into our ETL pipeline. Seems like the most flexible approach, and we won't have to rely on any Google-specific features.
upvoted 0 times
...
Ricarda
5 months ago
Okay, I've got this. Option C is the way to go - using the AEAD functions in BigQuery. That way, we can get the encryption and the crypto-deletion all in one shot, without having to manage any keys or external services. Seems like the most efficient solution to me.
upvoted 0 times
...
Mirta
5 months ago
Hmm, this looks like a tricky one. I think I'll go with option A - creating a CMEK in Cloud KMS and associating it with the BigQuery table. That seems like the most straightforward way to get native encryption without having to manage the crypto myself.
upvoted 0 times
...
Whitney
5 months ago
I'm a bit confused by the question. Do we need to implement for-user crypto-deletion, or is that just an additional requirement? I'm not sure if option B or C would be better for that. Maybe I should review the details on those features again.
upvoted 0 times
...
Arminda
5 months ago
Okay, let's see. The question is talking about amplitude, frequency, and components as critical factors. Based on that, I'm guessing the missing component is probably related to the material properties of the parts involved.
upvoted 0 times
...
Irma
1 year ago
I think option D is the most practical choice for our scenario.
upvoted 0 times
...
Naomi
1 year ago
I prefer option C, it provides better data protection.
upvoted 0 times
...
Nathalie
1 year ago
I disagree, option B seems more secure to me.
upvoted 0 times
...
Galen
1 year ago
I'm tempted to go with Option C, but then I'd have to remember the full name of that AEAD thing. Option B seems easier to remember.
upvoted 0 times
Adolph
1 year ago
I agree, let's go with Option B then.
upvoted 0 times
...
William
1 year ago
Yeah, it does seem easier to remember.
upvoted 0 times
...
Marguerita
1 year ago
I think Option B is the way to go.
upvoted 0 times
...
...
Shenika
1 year ago
I think we should go with option A.
upvoted 0 times
...
Aleisha
2 years ago
Option B all the way! Who doesn't love a good old-fashioned customer-managed encryption key?
upvoted 0 times
Ashlyn
1 year ago
C) Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
upvoted 0 times
...
Yesenia
1 year ago
A) That sounds like a secure option. Good choice!
upvoted 0 times
...
Janna
1 year ago
B) Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.
upvoted 0 times
...
Ngoc
1 year ago
A) Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.
upvoted 0 times
...
...
Terrilyn
2 years ago
Option D sounds like a lot of work. Why not just use the native BigQuery features like Option C suggests?
upvoted 0 times
Moira
1 year ago
I agree, let's go with Option C and implement Authenticated Encryption with Associated Data functions.
upvoted 0 times
...
Ciara
1 year ago
Option C sounds like a good idea. It would be easier to just use the native BigQuery features.
upvoted 0 times
...
...
Izetta
2 years ago
I'd go with Option A. Associating the key with the table during creation sounds like the simplest approach.
upvoted 0 times
...
Mollie
2 years ago
Option B seems like the way to go. Keeping the encryption key separate from the data is a good security practice.
upvoted 0 times
Louvenia
2 years ago
I agree. Using a customer-managed encryption key in Cloud KMS for encrypting data before storing in BigQuery is a secure approach.
upvoted 0 times
...
Abel
2 years ago
I think option B is the best choice. It's important to keep the encryption key separate from the data.
upvoted 0 times
...
...

Save Cancel