PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #179
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #179: Real Exam Question with Answer & Explanation
The correct answer is B: Cloud Key Management Service. B: you need KMS to store the CryptoKey https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates#crypt E: for the de-identity you need to use CryptoReplaceFfxFpeConfig or CryptoDeterministicConfig https://cloud.google.com/dlp/docs/reference/rest/v2/projects
Question
You discovered that sensitive personally identifiable information (PII) is being ingested to your Google Cloud environment in the daily ETL process from an on- premises environment to your BigQuery datasets. You need to redact this data to obfuscate the PII, but need to re-identify it for data analytics purposes. Which components should you use in your solution? (Choose two.)
Options
- ASecret Manager
- BCloud Key Management Service
- CCloud Data Loss Prevention with cryptographic hashing
- DCloud Data Loss Prevention with automatic text redaction
- ECloud Data Loss Prevention with deterministic encryption using AES-SIV
Explanation
B: you need KMS to store the CryptoKey https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates#crypt E: for the de-identity you need to use CryptoReplaceFfxFpeConfig or CryptoDeterministicConfig https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates#cryptodetermini https://cloud.google.com/dlp/docs/deidentify-sensitive-data
Topics
Community Discussion
No community discussion yet for this question.