GCP Professional Cloud Architect Practice Question
Your company is creating a conversational agent using a custom Vertex AI model. Users send free-form prompts that might contain Social Security numbers or other PII. Corporate policy states that no raw PII may be persisted anywhere in Google Cloud, including prediction logs. Inference latency must remain under 300 ms and the team wants to avoid managing servers. Which architecture best satisfies these requirements?
Store prompts in Cloud Storage and run a nightly Cloud Dataflow job that uses Cloud DLP to de-identify the data before refeeding it into Vertex AI for batch prediction.
Place the Vertex AI endpoint behind Identity-Aware Proxy and within a VPC Service Controls perimeter, preventing egress to unauthorized networks without performing additional data inspection.
Call the Vertex AI predictions endpoint directly, disable request/response logging, and rely on default encryption at rest to protect any PII that is written to internal logs.
Front the Vertex AI endpoint with an HTTP Cloud Function that synchronously invokes Cloud DLP inspectContent and deidentifyContent to redact PII from both the user prompt and the model response before forwarding traffic or writing any logs, with Vertex AI logging disabled.
Invoking Cloud DLP's synchronous inspectContent/deidentifyContent methods from a lightweight Cloud Function lets you remove or mask sensitive data in-line, before any text is forwarded to Vertex AI or written to logs. The Cloud Function is fully managed, so there is no infrastructure to maintain, and the DLP content methods typically add only a few tens of milliseconds for short text, keeping overall latency well within 300 ms. Simply turning off logging or relying on encryption does not prevent raw PII from reaching back-end services. A VPC Service Controls perimeter or IAP restricts egress but still allows unredacted data to be stored internally. A nightly Dataflow pipeline would still persist raw data during the day and violates the real-time latency requirement and the "no storage" constraint.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Cloud DLP and how does it help with PII redaction?
Open an interactive chat with Bash
Why is using a Cloud Function beneficial in this architecture?
Open an interactive chat with Bash
What role does Vertex AI play in conversational agents?
Open an interactive chat with Bash
How does Cloud DLP assist in handling PII in real-time?
Open an interactive chat with Bash
Why is relying solely on encryption at rest not recommended for PII management?
Open an interactive chat with Bash
What are the advantages of using Cloud Functions for Vertex AI integration?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing for security and compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .