Exam Professional Cloud Architect topic 3 question 1 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 1
Topic #: 3

For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. You need to implement a custom card tokenization service that meets the following requirements:
* It must provide low latency at minimal cost.
* It must be able to identify duplicate credit cards and must not store plaintext card numbers.
* It should support annual key rotation.
Which storage approach should you adopt for your tokenization service?

  • A. Store the card data in Secret Manager after running a query to identify duplicates.
  • B. Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.
  • C. Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.
  • D. Use column-level encryption to store the data in Cloud SQL.
Suggested Answer: B

Comments

Neo_ACE
Highly Voted 2 years, 10 months ago
Answer would be B.
https://cloud.google.com/community/tutorials/pci-tokenizer
Deterministic output means that a given set of inputs (card number, expiration, and userID) will always generate the same token. This is useful if you want to rely on the token value to deduplicate your token stores. You can simply match a newly generated token to your existing catalog of tokens to determine whether the card has been previously stored. Depending on your application architecture, this can be a very useful feature. However, this could also be accomplished using a salted hash of the input values.
https://cloud.google.com/architecture/tokenizing-sensitive-cardholder-data-for-pci-dss
Firestore is the next major version of Datastore. Firestore can run in Datastore mode, which uses the same API as Datastore and scales to millions of writes per second,
upvoted 39 times
...
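The deduplication behaviour described in the comment above, as an added example (not from the thread or from Google's tutorial): a deterministic token derived with HMAC-SHA256, the keyed form of the "salted hash" the comment mentions, used as the storage key, with versioned keys for annual rotation. `TokenStore`, its in-memory dict, the key bytes and the card numbers are constructed stand-ins; the sketch covers lookup and deduplication only, not encryption of a recoverable card record.

```python
import hashlib
import hmac


def normalize_pan(pan: str) -> str:
    """Reduce a card number to digits so formatting differences still dedupe."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 12 <= len(digits) <= 19:
        raise ValueError("implausible card number length")
    return digits


def make_token(key: bytes, version: int, pan: str, expiry: str, user_id: str) -> str:
    """Same key + same inputs -> same token. The prefix records the key version."""
    # \x1f (unit separator) keeps the field boundaries unambiguous.
    msg = "\x1f".join((normalize_pan(pan), expiry, user_id)).encode()
    return f"v{version}." + hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenStore:
    """Hypothetical vault; the dict stands in for a document store keyed by token."""

    def __init__(self, version: int, key: bytes):
        self.keys = {version: key}   # retained key versions
        self.current = version
        self.docs = {}               # token -> metadata, never the full card number

    def rotate(self, version: int, key: bytes) -> None:
        """Annual rotation: new cards use the new key, old keys stay for lookups."""
        self.keys[version] = key
        self.current = version

    def tokenize(self, pan: str, expiry: str, user_id: str):
        """Return (token, was_duplicate)."""
        # A card stored before a rotation carries an older key's token, so
        # duplicate detection has to try every retained version, newest first.
        for version in sorted(self.keys, reverse=True):
            token = make_token(self.keys[version], version, pan, expiry, user_id)
            if token in self.docs:
                return token, True
        token = make_token(self.keys[self.current], self.current, pan, expiry, user_id)
        self.docs[token] = {"user": user_id, "last4": normalize_pan(pan)[-4:]}
        return token, False
```

Each retained key version adds one point lookup per tokenize call, which is the cost of keeping deterministic tokens stable across rotations.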
technodev
Highly Voted 2 years, 8 months ago
Got this question in my exam, answered B
upvoted 19 times
...
OrangeTiger
Most Recent 8 months, 1 week ago
A's Secret Manager and C's Memorystore are absolutely different because their purposes are different. D is different because it does not mention duplication. What remains is B.
upvoted 2 times
...
TopTalk
1 year ago
Why isn't it C since Firestore doesn't meet the low latency requirement as someone said before? Bard thinks the answer is C for low latency and even cost because you're only paying for what you use. Thoughts?
upvoted 2 times
...
sampon279
1 year, 3 months ago
Selected Answer: B
Between B (Firestore in Datastore mode) and D (Cloud SQL), B is the better solution since Firestore is preferred for low-latency queries; also, since Firestore is in Datastore mode (does not include real-time capabilities supported in native mode - i.e. mobile updates), it's cost effective.
upvoted 4 times
...
mimicha1
1 year, 3 months ago
Why not C ?
upvoted 2 times
bargou
7 months, 2 weeks ago
If we choose C, the card number can be duplicated, since we are using multiple Memorystore instances.
upvoted 2 times
...
...
BiddlyBdoyng
1 year, 3 months ago
From what I can work out, column-level encryption needs to be implemented by the client in Cloud SQL. So both B & D are identical solutions except for the database type? Cloud SQL seems to do a better job of the avoiding-duplicates requirement & seems a better fit. Don't see why B seems to be so popular; would have expected a bigger split on the vote. Am I missing something?
upvoted 2 times
mtj2018
1 year, 2 months ago
I agree, both answers would fit the bill but I think B just shades it due to low latency requirements.
upvoted 1 times
...
...
tdotcat
1 year, 8 months ago
Selected Answer: B
B fits the case
upvoted 2 times
...
surajkrishnamurthy
1 year, 9 months ago
Selected Answer: B
B Is the Correct Answer
upvoted 2 times
...
megumin
1 year, 10 months ago
Selected Answer: B
B is ok
upvoted 1 times
...
Mahmoud_E
1 year, 11 months ago
Selected Answer: B
B, as it's clear in the example by Google: https://cloud.google.com/architecture/tokenizing-sensitive-cardholder-data-for-pci-dss
upvoted 4 times
...
aut0pil0t
2 years ago
Selected Answer: B
B, but should be reworded as follows for clarity. "B. Encrypt the card data with a deterministic algorithm and store in Firestore using Datastore mode." https://cloud.google.com/architecture/tokenizing-sensitive-cardholder-data-for-pci-dss#a_service_for_handling_sensitive_information
upvoted 4 times
...
AzureDP900
2 years, 2 months ago
I would go with B.
upvoted 1 times
...
cpi_web
2 years, 3 months ago
Hmmm. What about the very first point, low latency? Firestore is not the one with the best latency values... https://cloud.google.com/architecture/building-scalable-apps-with-cloud-firestore#latency
upvoted 2 times
...
kapara
2 years, 4 months ago
Selected Answer: D
ans is D
upvoted 1 times
...
mad314
2 years, 5 months ago
Selected Answer: B
Had this question on my exam.
upvoted 5 times
...
slars2k
2 years, 5 months ago
Considering low latency and minimal cost, will go with D.
upvoted 2 times
...