A company uses BigQuery to store sensitive data and wants to implement data masking using policy tags. They have three user groups: data_engineers (full access), data_analysts (masked PII), and data_scientists (masked financial data). Which THREE steps should they take?
Taxonomy must be published before policy tags can be used.
Why this answer
Option A is correct because after creating a taxonomy with policy tags in Cloud Data Catalog, you must publish the taxonomy to make those policy tags available for use in BigQuery. Publishing associates the taxonomy with the project and allows BigQuery to enforce data masking rules based on the policy tags applied to columns.
Exam trap
Google Cloud often tests the misconception that only one policy tag can be applied per column, but BigQuery supports multiple tags per column, and the most restrictive masking rule is enforced.