GCP Professional Cloud Security Engineer Practice Question
Your security team must locate and classify PII across 10 TB of historical CSV files already in multiple Cloud Storage buckets and BigQuery datasets, and continuously profile any newly created data in those locations. In addition, the team occasionally receives log files from an on-prem system through a secure API and wants to scan each file for sensitive data before storing it. Which Sensitive Data Protection inspection mechanisms should you implement to satisfy these requirements?
Set up streaming content inspection API calls triggered by Cloud Storage notifications and create separate scheduled BigQuery inspection jobs; run ad-hoc discovery scans as needed.
Rely on Data Catalog policy tags for Cloud Storage and BigQuery to identify PII automatically, and use Eventarc triggers to handle on-prem log uploads.
Run a one-time inspection job over the existing Cloud Storage buckets and BigQuery datasets, and use real-time content inspection API calls for each on-prem log file.
Configure an organization-level discovery scan for Cloud Storage and BigQuery, and invoke a hybrid inspection job from the on-prem system to inspect each incoming log file.
An organization-level discovery scan automatically and continuously profiles data stored in Cloud Storage and BigQuery, covering both historical content and any new objects or tables that appear. For data that originates outside Google Cloud-such as log files pushed from an on-prem system-a hybrid inspection job is the correct choice, because it lets you stream data from any source to Sensitive Data Protection for inspection before the data is persisted. A one-time inspection job would not meet the need for continuous profiling, and the content inspection API alone cannot be automatically triggered for every new object placed in Cloud Storage. Data Catalog policy tags and Event-Arc triggers are access-control or event-handling features, not inspection mechanisms.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a discovery scan in Google Cloud's Sensitive Data Protection?
Open an interactive chat with Bash
What is a hybrid inspection job in Sensitive Data Protection?
Open an interactive chat with Bash
How does the content inspection API differ from the discovery scan?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .