Exam Professional Cloud Security Engineer topic 1 question 259 discussion

The question starts with "Your team maintains 1 Peta Byte of data in bigquery". That's a lot of data. If you go with option C, you either: - De-identify the sensitive information in the original dataset, rendering this table and the info in it useless for the original team that uses it. - Clone the entire dataset (another 1PB), de-indentify the sensitive data and grant access to the other team. So obivously A is the better answer here, because the PII is still needed, just can't share it with other teams.

Option A suggests using BigQuery's row-level access policies to mask PII columns based on the other team's user identities. Granularity of Protection: Row-level access policies are useful for controlling access to specific rows based on user identities, but they may not be as effective for masking or protecting specific columns containing PII. This approach might not fully anonymize the data, leaving some sensitive information potentially exposed. Complexity and Maintenance: Implementing and maintaining row-level access policies can be complex, especially if the dataset is large and the access requirements are detailed. This can lead to increased administrative overhead. Pseudonymization Benefits: Pseudonymization (option C) ensures that PII is replaced with non-identifiable values, providing a higher level of data protection. This method is more straightforward and ensures that the other team can work with the data without risking exposure of sensitive information.

yes, "replace" the original data is wrong. we need somewhere to keep the true copy of data. If copy to another target and then replace the PII then it is OK. But saying 1PB data, it is time consuming for the copy operation and high BQ cost. C is not a good option.

so your answer should be A. My answer is A

replacing the original PII values in the BQ? so where is the original true copy of data?