Google Cloud Professional Cloud Security Engineer — Question 322
Your organization must follow the Payment Card Industry Data Security Standard (PCI DSS). To prepare for an audit, you must detect deviations on an infrastructure-as-a-service level in your Google Cloud landing zone. What should you do?
Answer options
- A. Create a data profile covering all payment-relevant data types. Configure Data Discovery and a risk analysis job in Google Cloud Sensitive Data Protection to analyze findings.
- B. Use the Google Cloud Compliance Reports Manager to download the latest version of the PCI DSS report. Analyze the report to detect deviations.
- C. Create an Assured Workloads folder in your Google Cloud organization. Migrate existing projects into the folder and monitor for deviations in the PCI DSS.
- D. Activate Security Command Center Premium. Use the Compliance Monitoring product to filter findings that may not be PCI DSS compliant.
Correct answer: D
Explanation
The correct answer is D because activating Security Command Center Premium and using the Compliance Monitoring product allows for direct filtering of compliance issues related to PCI DSS. Option A focuses on data profiling rather than compliance monitoring, option B analyzes a report after the fact rather than providing ongoing monitoring, and option C involves organizational changes that do not directly address the detection of deviations.