Google Cloud Professional Cloud Security Engineer Practice Exam

What should be done to ensure credit card numbers are not stored in BigQuery?

• A. Implement strict IAM roles for BigQuery access
• B. Utilize manual data entry processes
• C. Use the Cloud Data Loss Prevention API to redact infoTypes
• D. Store credit card numbers in a separate database

The correct answer is: Use the Cloud Data Loss Prevention API to redact infoTypes

To ensure credit card numbers are not stored in BigQuery, utilizing the Cloud Data Loss Prevention (DLP) API to redact infoTypes is a robust approach. The Cloud DLP API helps in identifying and protecting sensitive data, such as credit card numbers, by detecting such information within datasets. By using this service, you can automate the process of scanning data stored in BigQuery and redacting or masking any sensitive information it finds, thereby preventing the inadvertent storage of sensitive credit card information in your datasets. This method aligns with best practices for data protection, as it allows you to maintain the integrity of your data analytics processes while ensuring compliance with regulations regarding sensitive information. It provides a programmatic way to safeguard data integrity and confidentiality rather than relying solely on manual processes or access controls that do not inherently prevent sensitive data from being stored. In contrast, implementing strict IAM roles for BigQuery access focuses on controlling who can access the data but does not inherently prevent sensitive information from being stored. Manual data entry processes are prone to human error and don’t provide a definitive safeguard against inadvertently entering sensitive information. Storing credit card numbers in a separate database would not eliminate the risk if the sensitive data could inadvertently be created or processed in BigQuery before being moved, making