Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Your organization processes large volumes of potentially sensitive location data in Google Cloud for analysis and visualization. You need to design a solution for securely storing and processing this data that minimizes exposure risks and complies with regulatory requirements and internal data residency policies. What should you do?

Exam-Like

Enable location restrictions on Compute Engine instances and virtual disk resources where the data is handled. Apply labels to tag geographic metadata for all stored data.

Use the Cloud Data Loss Prevention (Cloud DLP) API to scan for sensitive location data before any storage or processing. Create Cloud Storage buckets with global availability for optimal performance, relying on Cloud DLP results to filter and control data access.

Comments

Loading comments...

Create regional Cloud Storage buckets with Object Lifecycle Management policies that limit data lifetime. Enable fine-grained access controls by using IAM conditions. Encrypt data with customer-managed encryption keys (CMEK) generated within specific Cloud KMS key locations.

Store data within BigQuery in a specified region by using dataset location configuration. Use authorized views and row-level security to enforce geographic access restrictions. Encrypt data within BigQuery tables by using customer-managed encryption keys (CMEK).