Exam Professional Data Engineer topic 1 question 168 discussion

B. While C and D are intriguing, they don't specify how to enable customer service representatives to receive access to the encryption token.

I don't see why we should use DLP since we know exactly the column that should be locked or encrypted. On the other hand having a cryptographic representation of SSN helps to aggregate/analyse entries. So I will vote for D, but B is much more easy to implement. Garbage question indeed.

In the question, there is no mention of SSN column.

Authorized users can decrypt the FPE tokens back to the original GIINs, D is the best option.

D (FPE) does indeed allow encryption to be reversed if desired, allowing operatives to review the original key. This makes it preferable to B, as it's also more secure.

D: SSN is only tied to USA not in any other countries, The question did not mention SSN.

The best option is D - Before loading the data into BigQuery, use Cloud Data Loss Prevention (DLP) to replace input values with a cryptographic format-preserving encryption token. The key reasons are: DLP allows redacting sensitive PII like SSNs before loading into BigQuery. This provides security by default for the raw SSN values. Using format-preserving encryption keeps the column format intact while still encrypting, allowing business logic relying on SSN format to continue functioning. The encrypted tokens can be reversed to view original SSNs when required, meeting the access requirement for customer service reps.

Even if you provide Column level access control, The Data Owners or other hierarchies above it will also be able to view very sensitive data. Better to just use encryption and decryption. As this data can also never be used for any analytic workloads

Answer has to be D. Question says "you decide to redact your customers' Government issued Identification Number while allowing customer service representatives to view the original values when necessary"... Redact... view the original values... D is the only choice.

It might not be D! Since - only the Frame is kept. the data will be changed. Format Preserving Encryption (FPE), endorsed by NIST, is an advanced encryption technique that transforms data into an encrypted format while preserving its original structure. For instance, a 16-digit credit card number encrypted with FPE will still be a 16-digit number

Customer service needs to see the original value, not possible with other options.

of course B

I believe the crux to the question is that the cryptographic format-preserving encryption token is re-identifiable, whereas the cryptographic hash is not: https://cloud.google.com/dlp/docs/transformations-reference Therefore, customer service can view the original values when necessary in case of D.

the question mentions that "user data is sent to Pub/Sub before being ingested" instead of just saying data goes to big query through pub/sub. So some alteration is expected before being injected into the big query. So option D should work.

D. The question says giving CSR's access to values "when necessary" - not default access like given in B. D is a better option using the token.

One of the key requirement is to be able to let authorized personel see the ID. D doesn't specify that.

The answer is between B and D as well described in many comments. I personally do not see any reason to keep the information available using a token or a mask. It is not a PAN card number, it's just a personal ID. It should not be useful for analytical purposes. I'm gonna go for D then