Google Cloud Professional Cloud Security Engineer — Question 257

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery
What should you do?

Answer options

• A. Create a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows.
• B. Use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.
• C. Leverage Security Command Center to scan for the assets of type Credit Card Number in BigQuery.
• D. Enable Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.

Correct answer: B

Explanation

The correct answer is B because the Cloud Data Loss Prevention API is specifically designed to identify and redact sensitive information, such as credit card numbers, before it is ingested into BigQuery. Option A is incorrect because creating a view does not prevent the data from being stored; it only affects how data is queried. Option C is not suitable as the Security Command Center does not prevent credit card numbers from being stored. Option D does not apply, as Cloud Identity-Aware Proxy is primarily used for access control rather than data redaction.