- Home
- Google Cloud Certified - Professional Cloud Security Engineer Exam
- Google.Professional-Cloud-Security-Engineer.v2024-02-23.q95
- Question 42
Valid Professional-Cloud-Security-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Professional-Cloud-Security-Engineer Exam! ExamDiscuss.com now offer the newest Professional-Cloud-Security-Engineer exam dumps, the ExamDiscuss.com Professional-Cloud-Security-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Professional-Cloud-Security-Engineer dumps with Test Engine here:
Access Professional-Cloud-Security-Engineer Dumps Premium Version
(268 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 42/95
Your company wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need tojoin user information in the company's banking app with customers' credit score data received from a third party. While using this raw data will allow you to complete this task, it exposes sensitive data, which could be propagated into new systems.
This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?
This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?
Correct Answer: A
Explanation
"This encryption method is reversible, which helps to maintain referential integrity across your database and has no character-set limitations."https://cloud.google.com/blog/products/identity-security/take-charge-of-your-data-how-tokenization
https://cloud.google.com/dlp/docs/pseudonymization
FPE provides fewer security guarantees compared to other deterministic encryption methods such as AES-SIV. For these reasons, Google strongly recommends using deterministic encryption with AES-SIV instead of FPE for all security sensitive use cases. Other methods like deterministic encryption using AES-SIV provide these stronger security guarantees and are recommended for tokenization use cases unless length and character set preservation are strict requirements-for example, for backward compatibility with a legacy data system.
"This encryption method is reversible, which helps to maintain referential integrity across your database and has no character-set limitations."https://cloud.google.com/blog/products/identity-security/take-charge-of-your-data-how-tokenization
https://cloud.google.com/dlp/docs/pseudonymization
FPE provides fewer security guarantees compared to other deterministic encryption methods such as AES-SIV. For these reasons, Google strongly recommends using deterministic encryption with AES-SIV instead of FPE for all security sensitive use cases. Other methods like deterministic encryption using AES-SIV provide these stronger security guarantees and are recommended for tokenization use cases unless length and character set preservation are strict requirements-for example, for backward compatibility with a legacy data system.
- Question List (95q)
- Question 1: You want data on Compute Engine disks to be encrypted at res...
- Question 2: A website design company recently migrated all customer site...
- Question 3: Your Google Cloud organization allows for administrative cap...
- Question 4: A customer's data science group wants to use Google Cloud Pl...
- Question 5: A patch for a vulnerability has been released, and a DevOps ...
- Question 6: You work for a large organization where each business unit h...
- Question 7: Your DevOps team uses Packer to build Compute Engine images ...
- Question 8: Employees at your company use their personal computers to ac...
- Question 9: You manage your organization's Security Operations Center (S...
- Question 10: A business unit at a multinational corporation signs up for ...
- Question 11: You are working with protected health information (PHI) for ...
- Question 12: Your company is using GSuite and has developed an applicatio...
- Question 13: You need to use Cloud External Key Manager to create an encr...
- Question 14: Your organization must comply with the regulation to keep in...
- Question 15: You need to audit the network segmentation for your Google C...
- Question 16: A DevOps team will create a new container to run on Google K...
- Question 17: You are the security admin of your company. You have 3,000 o...
- Question 18: You run applications on Cloud Run. You already enabled conta...
- Question 19: A large e-retailer is moving to Google Cloud Platform with i...
- Question 20: Your organization wants to be compliant with the General Dat...
- Question 21: You manage one of your organization's Google Cloud projects ...
- Question 22: An application running on a Compute Engine instance needs to...
- Question 23: An administrative application is running on a virtual machin...
- Question 24: Your organization s customers must scan and upload the contr...
- Question 25: In an effort for your company messaging app to comply with F...
- Question 26: Your security team uses encryption keys to ensure confidenti...
- Question 27: You are setting up a CI/CD pipeline to deploy containerized ...
- Question 28: A customer wants to run a batch processing system on VMs and...
- Question 29: You need to implement an encryption-at-rest strategy that pr...
- Question 30: Applications often require access to "secrets" - small piece...
- Question 31: You work for an organization in a regulated industry that ha...
- Question 32: You are a Security Administrator at your organization. You n...
- Question 33: You are part of a security team that wants to ensure that a ...
- Question 34: Your company conducts clinical trials and needs to analyze t...
- Question 35: Which two implied firewall rules are defined on a VPC networ...
- Question 36: While migrating your organization's infrastructure to GCP, a...
- Question 37: Which Identity-Aware Proxy role should you grant to an Ident...
- Question 38: Your company operates an application instance group that is ...
- Question 39: Your team needs to make sure that a Compute Engine instance ...
- Question 40: Your company's users access data in a BigQuery table. You wa...
- Question 41: You need to provide a corporate user account in Google Cloud...
- Question 42: Your company wants to determine what products they can build...
- Question 43: Your company runs a website that will store PII on Google Cl...
- Question 44: Your application is deployed as a highly available cross-reg...
- Question 45: A customer wants to make it convenient for their mobile work...
- Question 46: You need to enable VPC Service Controls and allow changes to...
- Question 47: Your organization acquired a new workload. The Web and Appli...
- Question 48: You want to use the gcloud command-line tool to authenticate...
- Question 49: In order to meet PCI DSS requirements, a customer wants to e...
- Question 50: Your organization has had a few recent DDoS attacks. You nee...
- Question 51: An engineering team is launching a web application that will...
- Question 52: You are the project owner for a regulated workload that runs...
- Question 53: Users are reporting an outage on your public-facing applicat...
- Question 54: Your organization is moving virtual machines (VMs) to Google...
- Question 55: Your company recently published a security policy to minimiz...
- Question 56: You are backing up application logs to a shared Cloud Storag...
- Question 57: Your company's chief information security officer (CISO) is ...
- Question 58: An organization's security and risk management teams are con...
- Question 59: You have the following resource hierarchy. There is an organ...
- Question 60: Your team sets up a Shared VPC Network where project co-vpc-...
- Question 61: Your organization recently activated the Security Command Ce...
- Question 62: You are tasked with exporting and auditing security logs for...
- Question 63: You need to implement an encryption at-rest strategy that re...
- Question 64: Your privacy team uses crypto-shredding (deleting encryption...
- Question 65: You are in charge of migrating a legacy application from you...
- Question 66: Your organization hosts a financial services application run...
- Question 67: A retail customer allows users to upload comments and produc...
- Question 68: Your organization uses Google Workspace Enterprise Edition t...
- Question 69: You want to prevent users from accidentally deleting a Share...
- Question 70: You are a member of your company's security team. You have b...
- Question 71: You are a member of the security team at an organization. Yo...
- Question 72: You manage your organization's Security Operations Center (S...
- Question 73: An organization adopts Google Cloud Platform (GCP) for appli...
- Question 74: A company is backing up application logs to a Cloud Storage ...
- Question 75: You control network traffic for a folder in your Google Clou...
- Question 76: A customer's internal security team must manage its own encr...
- Question 77: A company has been running their application on Compute Engi...
- Question 78: Your company requires the security and network engineering t...
- Question 79: Your team needs to prevent users from creating projects in t...
- Question 80: Your team needs to obtain a unified log view of all developm...
- Question 81: You are auditing all your Google Cloud resources in the prod...
- Question 82: In a shared security responsibility model for IaaS, which tw...
- Question 83: An office manager at your small startup company is responsib...
- Question 84: A company is running workloads in a dedicated server room. T...
- Question 85: You have a highly sensitive BigQuery workload that contains ...
- Question 86: A customer needs to launch a 3-tier internal web application...
- Question 87: Your Security team believes that a former employee of your c...
- Question 88: You are troubleshooting access denied errors between Compute...
- Question 89: A customer's company has multiple business units. Each busin...
- Question 90: You have numerous private virtual machines on Google Cloud. ...
- Question 91: Your organization previously stored files in Cloud Storage b...
- Question 92: Your organization wants full control of the keys used to enc...
- Question 93: A customer deploys an application to App Engine and needs to...
- Question 94: Last week, a company deployed a new App Engine application t...
- Question 95: Your organization wants to be General Data Protection Regula...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2024-02-23.q95.pdf