ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 139 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 139
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You are backing up application logs to a shared Cloud Storage bucket that is accessible to both the administrator and analysts. Analysts should not have access to logs that contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible to the administrator. What should you do?

  • A. Upload the logs to both the shared bucket and the bucket with PII that is only accessible to the administrator. Use the Cloud Data Loss Prevention API to create a job trigger. Configure the trigger to delete any files that contain PII from the shared bucket.
  • B. On the shared bucket, configure Object Lifecycle Management to delete objects that contain PII.
  • C. On the shared bucket, configure a Cloud Storage trigger that is only triggered when PII is uploaded. Use Cloud Functions to capture the trigger and delete the files that contain PII.
  • D. Use Pub/Sub and Cloud Functions to trigger a Cloud Data Loss Prevention scan every time a file is uploaded to the administrator's bucket. If the scan does not detect PII, have the function move the objects into the shared Cloud Storage bucket.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by jitu028 at Oct. 3, 2022, 2:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AzureDP900
Highly Voted 1 year, 1 month ago
D. Use Pub/Sub and Cloud Functions to trigger a Cloud Data Loss Prevention scan every time a file is uploaded to the administrator's bucket. If the scan does not detect PII, have the function move the objects into the shared Cloud Storage bucket
upvoted 8 times
...
jitu028
Highly Voted 1 year, 2 months ago
Answer is D
upvoted 7 times
...
7f97f9f
Most Recent 3 months, 3 weeks ago
Selected Answer: A
A is correct. A. Ensures that PII is always stored securely and then removes PII from the less secure location. D is incorrect because the approach is overly complex and inefficient. It requires unnecessary data movement and processing. It also stores the files in the administrators bucket first, then moves them to the shared bucket. It is much better to have the files go to the correct bucket to begin with.
upvoted 1 times
...
TNT87
9 months ago
Selected Answer: D
Answer D
upvoted 3 times
...
menbuk
10 months, 1 week ago
Selected Answer: D
Answer is D
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel