Google Cloud Professional Data Engineer — Question 307
You work for a shipping company that uses handheld scanners to read shipping labels. Your company has strict data privacy standards that require scanners to only transmit tracking numbers when events are sent to Kafka topics. A recent software update caused the scanners to accidentally transmit recipients' personally identifiable information (PII) to analytics systems, which violates user privacy rules. You want to quickly build a scalable solution using cloud-native managed services to prevent exposure of PII to the analytics systems. What should you do?
Answer options
- A. Create an authorized view in BigQuery to restrict access to tables with sensitive data.
- B. Install a third-party data validation tool on Compute Engine virtual machines to check the incoming data for sensitive information.
- C. Use Cloud Logging to analyze the data passed through the total pipeline to identify transactions that may contain sensitive information.
- D. Build a Cloud Function that reads the topics and makes a call to the Cloud Data Loss Prevention (Cloud DLP) API. Use the tagging and confidence levels to either pass or quarantine the data in a bucket for review.
Correct answer: D
Explanation
The correct answer is D because a Cloud Function that calls the Cloud DLP API inspects and handles sensitive data in real time, which keeps the pipeline compliant with the privacy rules. Options A and B do not directly prevent PII exposure in real time, while option C only analyzes data after it has already been transmitted, so it is not a proactive solution.