Google Cloud Professional Cloud Security Engineer — Question 107

Your organization's Customers must scan and upload the contract and their driver license into a web portal in Cloud Storage. You must remove all personally identifiable information (PII) from files that are older than 12 months. Also, you must archive the anonymized files for retention purposes.

What should you do?

Answer options

• A. Set a time to live (TTL) of 12 months for the files in the Cloud Storage bucket that removes PII and moves the files to the archive storage class.
• B. Create a Cloud Data loss Prevention (DLP) inspection job that de-identifies PII in files created more than 12 months ago and archives them to another Cloud Storage bucket. Delete the original files.
• C. Configure the Autoclass feature of the Cloud Storage bucket to de-identify PII. Archive the files that are older than 12 months. Delete the original files.
• D. Schedule a Cloud Key Management Service (KMS) rotation period of 12 months for the encryption keys of the Cloud Storage files containing PII to de-identify them. Delete the original keys.

Correct answer: B

Explanation

The correct answer is B because it specifically uses a Cloud Data Loss Prevention (DLP) job to de-identify PII in files older than 12 months and ensures they are archived properly. Option A does not involve proper PII removal processes, C misuses the Autoclass feature for PII removal, and D incorrectly suggests using KMS key rotation as a means of de-identifying data.