GCP Professional Cloud Security Engineer Practice Question
Your fraud analytics team loads card-transaction CSVs from Cloud Storage into BigQuery for Vertex AI model training. Compliance requires that primary account numbers (PANs) be tokenized so data scientists cannot view real values but training still sees realistic formats. You need an automated pipeline that discovers PANs, replaces each one with a consistent, format-preserving token, and writes the sanitized data to a separate BigQuery table. Which solution meets the requirement?
Create a Confidential VM-based Vertex AI Workbench environment and rely on encrypted memory to prevent exposure of PANs during analysis.
Run a Sensitive Data Protection discovery scan on the Cloud Storage bucket and export the findings to Cloud Logging; instruct data scientists to ignore the PAN column.
Configure a Sensitive Data Protection inspection job that detects the built-in CREDIT_CARD_NUMBER infoType and applies a de-identification template using format-preserving encryption; output the job to a new BigQuery table used for training.
Enable BigQuery column-level security with policy tags on the PAN column and give data scientists access only through an authorized view.
A Sensitive Data Protection (formerly Cloud DLP) inspection job can scan data in BigQuery or Cloud Storage, detect built-in infoTypes such as CREDIT_CARD_NUMBER, and immediately apply a de-identification template. A template that uses format-preserving encryption (FPE) creates a deterministic token with the same length and character set as the original PAN, allowing downstream analytics to treat it like realistic data without revealing the real value. The job can be configured to write the transformed records into a new BigQuery table that the data-science team will query. Column-level security simply hides the column, discovery scans do not transform data, and Confidential VMs protect data in memory but do not de-identify it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Sensitive Data Protection in GCP?
Open an interactive chat with Bash
What is format-preserving encryption (FPE) and why is it useful?
Open an interactive chat with Bash
How does a Sensitive Data Protection inspection job work in GCP?
Open an interactive chat with Bash
What is format-preserving encryption (FPE)?
Open an interactive chat with Bash
What is Sensitive Data Protection in GCP?
Open an interactive chat with Bash
How does a de-identification template work in GCP?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .