Free Google Professional Data Engineer Actual Exam Questions - Question 13 Discussion
sources into Cloud Storage. The data analyst team wants to join these datasets on the email field
available in both the datasets to perform analysis. However, personally identifiable information (PII)
should not be accessible to the analysts. You need to de-identify the email field in both the datasets
before loading them into BigQuery for analysts. What should you do?
B. Format-preserving encryption keeps the email structure so joining still works, unlike masking options that break the join key. This fits the need to hide PII but preserve joinability.
B Using format-preserving encryption keeps the email format intact so joining works, unlike masking which breaks join keys. Just need to handle key security carefully.
B/D? B keeps joinability with encryption, D might hide emails too much for joins.
Option A isn’t great because masking usually removes or hides parts of the email, so joining on that field would be impossible. You need the de-identified emails to still match for the join.
Maybe B. Format-preserving encryption with Cloud DLP sounds like it protects the email but still lets you join on the encrypted values since the format is kept. Masking might hide too much, making joins impossible. The dynamic masking options (C and D) seem more for hiding data at query time rather than actually de-identifying fields before loading, which might not meet the requirement here. So B seems like it hits both points: de-identification and joinability before loading into BigQuery. Not 100% sure though, but that’s my read.