GCP Professional Cloud Architect Practice Question
A gaming studio is launching a new mobile game aimed at children under 13 in the United States. Gameplay events are published to a Cloud Pub/Sub topic, processed by a streaming Dataflow job, and then written to a BigQuery table that powers near-real-time leaderboards. To comply with COPPA, the studio must guarantee that no personal data such as email addresses, phone numbers, or device identifiers is ever stored in BigQuery, yet it wants to keep the existing Dataflow job and avoid adding complex new infrastructure. Which change best satisfies the requirement with the least operational overhead while maintaining near-real-time analytics?
Place the ingestion project inside a VPC Service Controls perimeter that restricts access to the company's corporate network.
Keep the pipeline unchanged but apply BigQuery column-level data masking policies so that analysts cannot view sensitive fields.
Encrypt the BigQuery dataset with customer-managed encryption keys (CMEK) and restrict dataset access to only the analytics service accounts.
Deploy Google's Cloud DLP de-identification Dataflow template to read from the current Pub/Sub topic, use the DLP API to redact or tokenise personal identifiers, publish the sanitized events to a new Pub/Sub topic, and repoint the existing Dataflow analytics job to that sanitized topic.
COPPA requires that personal identifiers for children under 13 not be stored unless there is verified parental consent. Encrypting or masking data after it reaches BigQuery, or restricting network egress with VPC Service Controls, does not prevent prohibited data from being saved. By inserting Google's provided Cloud DLP de-identification Dataflow template between the existing Pub/Sub topic and a new sanitized Pub/Sub topic, the studio can use the DLP API to tokenise or redact personal identifiers before any record reaches BigQuery. The original streaming analytics Dataflow job then simply reads from the sanitized topic, so operational changes are minimal and no personal data is ever written to storage.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Cloud DLP, and how does it work?
Open an interactive chat with Bash
How does tokenization differ from encryption in the context of Cloud DLP?
Open an interactive chat with Bash
What is the role of Pub/Sub in a data processing pipeline?
Open an interactive chat with Bash
What is Cloud DLP and how does it work in this context?
Open an interactive chat with Bash
What is the purpose of Pub/Sub in this pipeline?
Open an interactive chat with Bash
How does Dataflow integrate with BigQuery for real-time analytics?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing for security and compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .