Google Cloud Professional Cloud Security Engineer Practice Exam

What action should be taken to remove personally identifiable information (PII) from files older than 12 months stored in Cloud Storage?

• A. Create a script to manually delete PII from files
• B. Set up an automatic file transfer to an external archive
• C. Create a Cloud DLP inspection job to de-identify PII
• D. Encrypt all files before storing to prevent access

The correct answer is: Create a Cloud DLP inspection job to de-identify PII

Utilizing a Cloud DLP (Data Loss Prevention) inspection job to de-identify PII is an effective approach to address the issue of removing sensitive information from files while preserving data integrity and accessibility. By configuring a Cloud DLP job, you can automatically scan for PII within your stored files and apply de-identification techniques, such as masking or tokenization, to remove or obscure personal information without needing to delete the entire file. This method is particularly beneficial because it allows you to comply with data protection regulations and maintain the utility of the remaining data. Additionally, automating the process through a Cloud DLP job reduces the risk of human error that often comes with manual interventions and ensures consistent handling of personal data over time. In contrast, manually deleting PII can be labor-intensive and inconsistent, leading to potential oversights. Setting up an automatic file transfer to an external archive does not address the PII in the original files, and simply encrypting files does not eliminate the presence of PII; it only adds a layer of security without remediation. Therefore, creating a Cloud DLP inspection job represents a comprehensive and automated solution for managing PII effectively.