Google Professional Cloud Architect
Get started today
Ultimate access to all questions.
Based on the Helicopter Racing League (HRL) case study, your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. HRL wants to expand their predictive capabilities and reduce latency for their viewers in emerging markets. You need to implement a custom card tokenization service that meets the following requirements: * It must provide low latency at minimal cost. * It must be able to identify duplicate credit cards and must not store plaintext card numbers. * It should support annual key rotation. Which storage approach should you adopt for your tokenization service?
Based on the Helicopter Racing League (HRL) case study, your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. HRL wants to expand their predictive capabilities and reduce latency for their viewers in emerging markets. You need to implement a custom card tokenization service that meets the following requirements: * It must provide low latency at minimal cost. * It must be able to identify duplicate credit cards and must not store plaintext card numbers. * It should support annual key rotation. Which storage approach should you adopt for your tokenization service?
Explanation:
The correct answer is B: Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode. This is because using a deterministic algorithm allows for identifying duplicate credit cards without storing plaintext card numbers, satisfying the requirement of not storing plain text. Firestore in Datastore mode supports this functionality while providing low latency at a minimal cost. Additionally, Firestore can scale to millions of writes per second, making it an efficient choice for a high-volume service like the one needed by HRL. The deterministic encryption ensures that the same input yields the same encrypted output, assisting in the identification of duplicates while maintaining security.