Exam Professional Cloud Security Engineer topic 1 question 17 discussion

Answer is D https://cloud.google.com/dlp/docs/pseudonymization

The answer is A. By bucketing or generalizing, we achieve a reversible pseudonymised data that can still yield the required analysis. https://cloud.google.com/dlp/docs/concepts-bucketing

it is reversible for D

Reversible

For sure is D https://cloud.google.com/sensitive-data-protection/docs/transformations-reference#fpe I was in doubt about C but the hash can’t be returned into the original value

https://cloud.google.com/dlp/docs/transformations-reference#fpe

A. seems like good fit here. Preserve data utility while also reducing the identifiability of the data. https://cloud.google.com/dlp/docs/concepts-bucketing

The keyword here is "reversible" or allows for "re-identification". Out of the options listed, Format preserving encryption (FPE-FFX) is the only one that allows "re-identification". Therefore "D" is the most accurate option. References: https://cloud.google.com/dlp/docs/pseudonymization (see the table) https://en.wikipedia.org/wiki/Format-preserving_encryption

Generalization is a technique that replaces an original value with a similar, but not identical, value. This technique can be used to help protect sensitive data while still allowing statistical analysis. In this scenario, the employer can use generalization to replace the actual bonus compensation values with generalized values that are statistically similar but not identical. This allows the employer to perform analysis on the data without exposing the sensitive compensation data for any individual employee. Using Generalization can be reversible to identify outliers. The employer can then use the original data to investigate further and correct any earning disparities. Redaction is another DLP API technique that can be used to protect sensitive data, but it is not suitable for this scenario since it would remove the data completely and make statistical analysis impossible. CryptoHashConfig and CryptoReplaceFfxFpeConfig are also not suitable for this scenario since they are encryption techniques and do not allow statistical analysis of data.

Answer is A: Generalization is a technique that replaces an original value with a similar, but not identical, value. This technique can be used to help protect sensitive data while still allowing statistical analysis. In this scenario, the employer can use generalization to replace the actual bonus compensation values with generalized values that are statistically similar but not identical. This allows the employer to perform analysis on the data without exposing the sensitive compensation data for any individual employee. Using Generalization can be reversible to identify outliers. The employer can then use the original data to investigate further and correct any earning disparities. Redaction is another DLP API technique that can be used to protect sensitive data, but it is not suitable for this scenario since it would remove the data completely and make statistical analysis impossible. CryptoHashConfig and CryptoReplaceFfxFpeConfig are also not suitable for this scenario since they are encryption techniques and do not allow statistical analysis of data.

Correct Answer is (D): De-identifying sensitive data Cloud Data Loss Prevention (DLP) can de-identify sensitive data in text content, including text stored in container structures such as tables. De-identification is the process of removing identifying information from data. The API detects sensitive data such as personally identifiable information (PII), and then uses a de-identification transformation to mask, delete, or otherwise obscure the data. For example, de-identification techniques can include any of the following: Masking sensitive data by partially or fully replacing characters with a symbol, such as an asterisk (*) or hash (#).

D is the most viable option

The Answer is A

Correct answer is D. But, The answer does not have a CryptoDeterministicConfig . We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. https://cloud.google.com/dlp/docs/transformations-reference#transformation_methods

Answer D. Note that `CryptoReplaceFfxFpeConfig` might not be used in a real exam; they might change to `format preserve encryption`.

The answer is D https://cloud.google.com/dlp/docs/transformations-reference#transformation_methods

D is the only option that is reversible.