PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #96
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #96: Real Exam Question with Answer & Explanation
The correct answer is B: Cloud Data Loss Prevention API. A is not correct because Bucket Lock feature is for protecting the data retention policy and doesn't address the use case. B is correct because Cloud Data Loss Prevention API can be used to inspect Cloud Storage buckets for PII. C is not correct because while VPC Service Controls
Question
An organization is working on their GDPR compliance strategy. It wants to ensure that controls are in place to ensure that customer PII is stored in Cloud Storage buckets without third-party exposure. Which Google Cloud solution should the organization use to verify that PII is stored in the correct place without exposing PII internally?
Options
- ACloud Storage Bucket Lock
- BCloud Data Loss Prevention API
- CVPC Service Controls
- DCloud Security Scanner
Explanation
A is not correct because Bucket Lock feature is for protecting the data retention policy and doesn't address the use case. B is correct because Cloud Data Loss Prevention API can be used to inspect Cloud Storage buckets for PII. C is not correct because while VPC Service Controls can allow customers to define security perimeters around Cloud Storage Buckets in order to mitigate data exfiltration risks, it's not a tool to locate PIIs hence doesn't address this use case. D is not correct because Cloud Security Scanner is a web security scanner for App Engine, Compute Engine, and Google Kubernetes Engine applications and doesn't address the use case. https://cloud.google.com/storage/docs/bucket-lock https://cloud.google.com/dlp/docs/inspecting-storage#inspecting-gcs https://cloud.google.com/vpc-service-controls/ https://cloud.google.com/security-scanner/
Topics
Community Discussion
No community discussion yet for this question.