Google Cloud Professional Cloud Security Engineer — Question 64

You are working with protected health information (PHI) for an electronic health record system. The privacy officer is concerned that sensitive data is stored in the analytics system. You are tasked with anonymizing the sensitive data in a way that is not reversible. Also, the anonymized data should not preserve the character set and length. Which Google Cloud solution should you use?

Answer options

• A. Cloud Data Loss Prevention with deterministic encryption using AES-SIV
• B. Cloud Data Loss Prevention with format-preserving encryption
• C. Cloud Data Loss Prevention with cryptographic hashing
• D. Cloud Data Loss Prevention with Cloud Key Management Service wrapped cryptographic keys

Correct answer: C

Explanation

The correct answer is C, as cryptographic hashing irreversibly transforms data into a fixed-length string, ensuring that the original data cannot be retrieved. Options A and B are incorrect because deterministic encryption and format-preserving encryption can potentially allow for data recovery or retention of identifiable characteristics. Option D does not provide a direct method for anonymization as it focuses on key management rather than data transformation.