Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Create a Cloud Data loss Prevention (DLP) inspection job that de-identifies PII in files created more than 12 months ago and archives them to another Cloud Storage bucket. Delete the original files.

Option B is the correct answer because Cloud Data Loss Prevention (DLP) is specifically designed to detect and de-identify sensitive data like PII. It can be configured to inspect files older than 12 months, remove PII through de-identification techniques, archive the anonymized files to another Cloud Storage bucket for retention, and securely delete the original files containing PII. This approach directly addresses the requirement to remove PII from older files while maintaining archival copies. Option A (TTL) only manages file lifecycle and storage class but does not de-identify PII. Option C (Autoclass) is for automated storage class management and lacks PII de-identification capabilities. Option D (KMS key rotation) only changes encryption keys but does not remove or de-identify the actual PII content in the files. The community discussion shows 100% consensus on B with detailed reasoning about DLP's specific capabilities for PII handling.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your organization requires customers to scan and upload their contracts and driver's licenses to a web portal, with files stored in Cloud Storage. You need to remove all Personally Identifiable Information (PII) from files that are older than 12 months and then archive the anonymized files for retention.

What should you do?

Exam-Like

Set a time to live (TTL) of 12 months for the files in the Cloud Storage bucket that removes PII and moves the files to the archive storage class.

Create a Cloud Data loss Prevention (DLP) inspection job that de-identifies PII in files created more than 12 months ago and archives them to another Cloud Storage bucket. Delete the original files.

Configure the Autoclass feature of the Cloud Storage bucket to de-identify PII. Archive the files that are older than 12 months. Delete the original files.

Schedule a Cloud Key Management Service (KMS) rotation period of 12 months for the encryption keys of the Cloud Storage files containing PII to de-identify them. Delete the original keys.