Google Cloud Professional Cloud Security Engineer — Question 343

Your application development team is releasing a new critical feature. To complete their final testing, they requested 10 thousand real transaction records. The new feature includes format checking on the primary account number (PAN) of a credit card. You must support the request and minimize the risk of unintended personally identifiable information (PII) exposure. What should you do?

Answer options

• A. Run the new application by using Confidential Computing to ensure PII and card PAN is encrypted in use.
• B. Scan and redact PII from the records by using the Cloud Data Loss Prevention API. Perform format-preserving encryption on the card PAN.
• C. Encrypt the records by using Cloud Key Management Service to protect the PII and card PAN.
• D. Build a tool to replace the card PAN and PII fields with randomly generated values.

Correct answer: B

Explanation

Option B is correct because it not only redacts PII but also applies format-preserving encryption to the PAN, ensuring compliance while maintaining the data's usability for testing. Option A focuses on encryption during processing but does not address the need for direct data access. Option C encrypts the records but does not specifically mention handling PII exposure. Option D removes sensitive data but may not meet testing requirements due to the lack of real transaction formats.