Google Cloud Professional Cloud Security Engineer — Question 217

Your financial services company needs to process customer personally identifiable information (PII) for analytics while adhering to strict privacy regulations. You must transform this data to protect individual privacy to ensure that the data retains its original format and consistency for analytical integrity. Your solution must avoid full irreversible deletion. What should you do?

Answer options

• A. Use Cloud Key Management Service (Cloud KMS) to encrypt the entire dataset with a customer-managed encryption key (CMEK).
• B. Set up VPC Service Controls around the BigQuery project. Implement row-level encryption.
• C. Implement a custom BigQuery user-defined function (UDF) by using JavaScript to hash all sensitive fields before they are loaded into the analytical tables.
• D. Configure Sensitive Data Protection (SDP) to de-identify PII using format-preserving encryption (FPE).

Correct answer: D

Explanation

The correct answer is D because format-preserving encryption (FPE) allows for the transformation of sensitive data while keeping its original format, which is essential for maintaining analytical integrity. Other options, such as encryption with Cloud KMS or hashing, either do not preserve the format or may lead to irreversible data loss, which does not meet the requirements stated in the question.