Google Cloud Professional Cloud Security Engineer — Question 203

Your organization is building an application powered by generative AI that uses sensitive internal data lo train the AI model. The application is built using Vertex AI, which is generally available in your region. You must ensure Google does not use your sensitive data when tuning public models because it could result in your data being shared with other Google Cloud customers. What should you do?

Answer options

• A. Do not use Vertex AI for sensitive data. Use only public data with minimal privacy requirements.
• B. Encrypt your data by using customer-managed encryption keys (CMEK) to have full control over encryption key access.
• C. Do nothing. Vertex AI foundation models are frozen by default and do not use your data for model-tuning purposes.
• D. Contact Google support to opt out of model tuning.

Correct answer: C

Explanation

The correct answer is C because Vertex AI foundation models are designed to be static and do not incorporate user data for model tuning. Option A is incorrect because avoiding Vertex AI entirely is unnecessary if the data usage is managed correctly. Option B, while a good security practice, does not directly prevent the use of data for model tuning. Option D is not applicable since the default behavior of Vertex AI does not involve using sensitive data for tuning.