
Question 200

Government regulations in the banking industry mandate the protection of clients' personally identifiable information (PII). Your company requires PII to be access controlled, encrypted, and compliant with major data protection standards. In addition to using Cloud Data Loss Prevention (Cloud DLP), you want to follow Google-recommended practices and use service accounts to control access to PII. What should you do?

  • A. Assign the required Identity and Access Management (IAM) roles to every employee, and create a single service account to access project resources.
  • B. Use one service account to access a Cloud SQL database, and use separate service accounts for each human user.
  • C. Use Cloud Storage to comply with major data protection standards. Use one service account shared by all users.
  • D. Use Cloud Storage to comply with major data protection standards. Use multiple service accounts attached to IAM groups to grant the appropriate access to each group.

Without Cloud Storage, I believe DLP alone does not provide encryption. DLP can redact or mask data, not encrypt it. Encryption can be performed only on Cloud Storage. So it seems like option D is the closest choice, though service accounts should NOT be attached to IAM groups.