GCP Professional Cloud Security Engineer Practice Question
Your security team must scan several terabytes of log files stored in Cloud Storage with Sensitive Data Protection (SDP). The files may contain U.S. Social Security numbers (formatted as "123-45-6789") and an internal customer identifier that always starts with "CUST-" followed by exactly 10 digits (for example, "CUST-0123456789"). The team wants to minimize configuration effort while keeping false positives low. Which detection strategy best meets these requirements?
Use the built-in US_SOCIAL_SECURITY_NUMBER infoType and create a custom regular-expression infoType named ACME_CUSTOMER_ID that matches the pattern "CUST-\d{10}" (optionally adding a hotword rule that looks for the string "CUST-").
Use the built-in CREDIT_CARD_NUMBER infoType for SSNs and create a custom dictionary detector that lists every known customer ID.
Rely on the built-in PERSON_NAME infoType for SSNs and the built-in PHONE_NUMBER infoType for the customer ID because both contain digits and delimiters.
Create custom regular-expression infoTypes for both SSNs and the customer ID so you can fully control pattern matching.
SDP already provides a built-in infoType, US_SOCIAL_SECURITY_NUMBER, that reliably detects the standard SSN pattern, so no additional configuration is needed for that element. The proprietary customer identifier has a unique format that is not covered by any built-in infoType, so the recommended approach is to define a custom regex detector (optionally combined with a hotword rule such as the literal text "CUST-") to target exactly the required pattern and reduce false positives. Creating custom detectors for SSNs would be unnecessary work, and choosing unrelated built-in infoTypes (e.g., CREDIT_CARD_NUMBER, PERSON_NAME, PHONE_NUMBER) would fail to detect the required data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Sensitive Data Protection (SDP) in GCP?
Open an interactive chat with Bash
What is an infoType in Google Cloud's Sensitive Data Protection?
Open an interactive chat with Bash
How do hotword rules reduce false positives in SDP scanning?
Open an interactive chat with Bash
How does the Sensitive Data Protection (SDP) tool work in GCP?
Open an interactive chat with Bash
What is an infoType in GCP's Sensitive Data Protection?
Open an interactive chat with Bash
What is a hotword rule in custom infoType detection?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Ensuring data protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .