Google Cloud Professional Cloud Security Engineer Practice Exam

Which cryptographic token format is recommended for addressing sensitive data exposure while maintaining referential integrity?

• A. Deterministic encryption
• B. Randomized encryption
• C. Public key encryption
• D. Symmetric encryption

The correct answer is: Deterministic encryption

The recommended cryptographic token format for addressing sensitive data exposure while maintaining referential integrity is deterministic encryption. This form of encryption allows the same plaintext input to consistently generate the same ciphertext output. This predictable behavior is essential in scenarios where referential integrity is necessary, such as when data needs to stay linked across various tables or services while being encrypted. In use cases like databases or data warehousing, maintaining consistent identifiers across encrypted records is vital for relationships and lookups. For instance, if a user’s ID is encrypted deterministically, subsequent access or operations involving that ID can still reference the original encrypted value, preserving the relationships within the dataset. Randomized encryption, while useful for stronger security against certain types of attacks, does not maintain referential integrity, as it produces different ciphertext values from the same plaintext each time it is encrypted. This makes it unsuitable for scenarios where consistent identification is crucial. Public key encryption and symmetric encryption serve different roles. Public key encryption is primarily used for secure key exchange and signatures rather than directly addressing sensitive data exposure in a way that preserves referential integrity. Symmetric encryption, while it provides confidentiality, lacks the ability to consistently map a plaintext input to a ciphertext output without additional mechanisms, which is why it is not the best choice