Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: De-identify sensitive data before model training by using Cloud Data Loss Prevention (DLP)APIs. and implement strict Identity and Access Management (IAM) policies to control access to BigQuery.

The question requires maintaining data privacy throughout the ML model's lifecycle, ensuring personal data is not used in training, and restricting dataset access to authorized personnel only. Option A addresses all requirements comprehensively: Cloud DLP APIs de-identify sensitive data before training, preventing PII from being used in the model, while strict IAM policies control access to BigQuery. This covers data protection during processing (DLP) and access control (IAM). Option B (IAP) only addresses context-aware access but doesn't prevent PII use in training. Option C (CMEK) protects data at rest but doesn't address data de-identification for training. Option D (Confidential VMs) protects data in use but doesn't prevent PII from being used in model training. The community discussion strongly supports A (100% consensus, highest upvotes), emphasizing that it provides data privacy throughout the lifecycle by combining de-identification with access controls.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your organization is developing a sophisticated machine learning (ML) model to predict customer behavior for targeted marketing campaigns. The BigQuery dataset used for training contains sensitive personal information. You need to design security controls for the AI/ML pipeline to maintain data privacy throughout the model's lifecycle, ensure personal data is not used for training, and restrict dataset access to only an authorized subset of individuals. What should you do?

De-identify sensitive data before model training by using Cloud Data Loss Prevention (DLP)APIs. and implement strict Identity and Access Management (IAM) policies to control access to BigQuery.

Implement Identity-Aware Proxy to enforce context-aware access to BigQuery and models based on user identity and device.

Implement at-rest encryption by using customer-managed encryption keys (CMEK) for the pipeline. Implement strict Identity and Access Management (IAM) policies to control access to BigQuery.

Deploy the model on Confidential VMs for enhanced protection of data and code while in use. Implement strict Identity and Access Management (IAM) policies to control access to BigQuery.