GCP Professional Cloud Security Engineer Practice Question
Your security operations team must continuously locate and classify credit-card and national-ID data that may appear in any of the hundreds of BigQuery datasets spread across several projects in your organization. New datasets are created frequently, and the team wants a centrally managed solution that automatically profiles every current and future table and publishes its findings to Security Command Center (SCC) for unified reporting. Which approach best satisfies these requirements with the least ongoing maintenance effort?
Enforce VPC Service Controls around BigQuery and export BigQuery Data Access audit logs to SCC to monitor for sensitive information.
Query BigQuery INFORMATION_SCHEMA metadata to locate columns with keywords such as "ssn" or "card", then forward the query results to SCC through Pub/Sub.
Enable Sensitive Data Protection discovery at the organization (or folder) level with automatic profiling and the built-in export of findings to Security Command Center.
Schedule a monthly SDP inspection job in each project that scans all datasets and writes results to Cloud Logging for later ingestion into SCC.
Sensitive Data Protection (SDP) discovery provides an organization- or folder-level "automatic profiling" capability that continuously scans all present and newly created BigQuery tables for sensitive data without requiring administrators to enumerate each dataset. When discovery is enabled, profiling results are automatically written to Security Command Center, where the security team can view and act on the findings. Creating individual inspection jobs or harvesting metadata manually would require ongoing manual updates as new datasets appear and would not natively populate SCC. Similarly, exporting Data Access logs or relying solely on VPC Service Controls does not discover or classify the sensitive data itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Sensitive Data Protection (SDP) in GCP?
Open an interactive chat with Bash
How does SDP profiling work with Security Command Center (SCC)?
Open an interactive chat with Bash
Why is automatic profiling preferred over manual methods in detecting sensitive data?
Open an interactive chat with Bash
What is Sensitive Data Protection (SDP) in GCP?
Open an interactive chat with Bash
What is Security Command Center (SCC), and how does it enhance security?
Open an interactive chat with Bash
How does automatic profiling in SDP differ from custom inspection jobs?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .