Google Cloud Professional Cloud DevOps Engineer — Question 192
You are deploying a new application on Google Kubernetes Engine (GKE) that processes personally identifiable information (PII). You need to configure Cloud Logging to collect logs from your application while ensuring that sensitive user information is not exposed. What should you do?
Answer options
- A. Implement log sampling to reduce the volume of logs collected.
- B. Configure Cloud Data Loss Prevention to scan logs in real time and redact PII before it's stored in Cloud Logging.
- C. Disable Cloud Logging for the application to prevent sensitive data from being logged.
- D. Store all logs in an encrypted Cloud Storage bucket with restricted access.
Correct answer: B
Explanation
The correct answer is B because configuring Cloud Data Loss Prevention to scan and redact PII ensures sensitive information is protected while still allowing for log collection. Answer A may reduce log volume but does not protect sensitive data. Answer C completely disables logging, which is not a viable solution for monitoring. Answer D, while enhancing security, does not specifically address the need to redact PII before logs are stored.