You are designing a data protection strategy for a Snowflake environment that processes sensitive payment card industry (PCI) data'. You decide to use a combination of column-level security and external tokenization. Which of the following statements are TRUE regarding the advantages of using both techniques together? (Select TWO)
Correct Answer: B,D
Combining masking policies and external tokenization provides defense in depth. Masking policies control who can see sensitive data (or a masked version), while tokenization replaces the actual data with a non-sensitive representation. This means that even if a user bypasses the masking policy (e.g., through a vulnerability), they still won't see the actual PCl data. Also, you can use column-level security to control access to the tokenization and detokenization functions. Option A is incorrect, sensitive data exists until tokenized. Option C is incorrect as using both techniques strengthens security. Option E is Incorrect, as both the techniques impact query performance