Google Cloud Professional Cloud Security Engineer — Question 310

Your organization is building a chatbot that is powered by generative AI to deliver automated conversations with internal employees. You must ensure that no data with personally identifiable information (PII) is communicated through the chatbot. What should you do?

Answer options

• A. Encrypt data at rest for both input and output by using Cloud KMS, and apply least privilege access to the encryption keys.
• B. Discover and transform PII data in both input and output by using the Cloud Data Loss Prevention (Cloud DLP) API.
• C. Prevent PII data exfiltration by using VPC-SC to create a safe scope around your chatbot.
• D. Scan both input and output by using data encryption tools from the Google Cloud Marketplace.

Correct answer: B

Explanation

The correct answer is B because using the Cloud Data Loss Prevention (Cloud DLP) API allows you to discover and transform any PII data, ensuring that it does not get communicated. The other options focus on encryption or perimeter security, which do not directly address the need to identify and transform PII data effectively.