Answer-first summary for fast verification
Answer: Configure Cloud Data Loss Prevention to scan logs in real-time and redact PII before it's stored in Cloud Logging.
To ensure that sensitive user information (PII) is not exposed while collecting logs from your application on Google Kubernetes Engine (GKE), the best approach is to use Cloud Data Loss Prevention (DLP) to scan logs in real-time and redact PII before it's stored in Cloud Logging. This method allows you to continue collecting necessary logs without exposing sensitive information. Implementing log sampling (A) reduces log volume but does not address PII exposure. Disabling Cloud Logging (C) prevents log collection entirely, which is not a practical solution for monitoring and debugging. Storing logs in an encrypted Cloud Storage bucket (D) secures the logs but does not prevent PII from being logged in the first place.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you configure Cloud Logging to collect logs from a GKE-deployed application handling personally identifiable information (PII) while preventing exposure of sensitive user data?
A
Implement log sampling to reduce the volume of logs collected.
B
Configure Cloud Data Loss Prevention to scan logs in real-time and redact PII before it's stored in Cloud Logging.
C
Disable Cloud Logging for the application to prevent sensitive data from being logged.
D
Store all logs in an encrypted Cloud Storage bucket with restricted access.
No comments yet.