ARA-C01 · Question #53
The following table exists in the production database: A regulatory requirement states that the company must mask the username for events that are older than six months based on the current date when
The correct answer is C. Use a masking policy on the username column with event_timestamp as a conditional column.. The requirement has three constraints: no data duplication, automatic propagation to views and clones, and time-based masking of a column. A Dynamic Data Masking policy on the username column using event_timestamp as a conditional column satisfies all three. The masking policy fu
Question
The following table exists in the production database:
A regulatory requirement states that the company must mask the username for events that are older than six months based on the current date when the data is queried. How can the requirement be met without duplicating the event data and making sure it is applied when creating views using the table or cloning the table?
Options
- AUse a masking policy on the username column using a entitlement table with valid dates.
- BUse a row level policy on the user_events table using a entitlement table with valid dates.
- CUse a masking policy on the username column with event_timestamp as a conditional column.
- DUse a secure view on the user_events table using a case statement on the username column.
How the community answered
(46 responses)- A4% (2)
- B2% (1)
- C83% (38)
- D11% (5)
Explanation
The requirement has three constraints: no data duplication, automatic propagation to views and clones, and time-based masking of a column. A Dynamic Data Masking policy on the username column using event_timestamp as a conditional column satisfies all three. The masking policy function can reference the row's own event_timestamp value to decide whether to mask the username (e.g., if the timestamp is older than 6 months, return a masked value). Because masking policies are attached to the column, they automatically apply when the table is cloned or used in a view. Option A (entitlement table) is designed for user-based entitlements, not row-level time conditions. Option B (row-level security) hides entire rows rather than masking a column value. Option D (secure view) would require manually recreating the logic in every view and does not propagate to clones.
Topics
Community Discussion
No community discussion yet for this question.