Difficulty: Hard · 1 mark · Multiple Choice
Domain 3: Designing for Security and Compliance · Tags: PCI-DSS, Compliance, Security

GCP PCA · Question 44 · Domain 3: Designing for Security and Compliance

Your company is building a payment processing system on GCP that must comply with PCI-DSS. Which THREE architectural practices should you implement to help achieve and maintain compliance? (Select THREE)

Answer options:

A. Use Cloud Data Loss Prevention (DLP) to tokenize Primary Account Numbers (PAN) before storing them.

B. Store all credit card data in a single, centralized Cloud SQL database accessible by all developers.

C. Implement VPC Service Controls to create a secure perimeter around the projects processing payment data.

D. Disable Cloud Audit Logs to improve database performance.

E. Apply the principle of least privilege using custom IAM roles for service accounts.

F. Use HTTP instead of HTTPS for internal microservice communication to reduce latency.

How to approach this question

Identify the standard security best practices among the options: tokenization (Cloud DLP, option A), perimeter security (VPC Service Controls, option C), and least privilege (IAM, option E). Reject anything that reduces security: plaintext HTTP (F), disabling audit logs (D), and broad access to card data (B).

Full Answer

Achieving PCI-DSS compliance on GCP requires a defense-in-depth approach. Cloud DLP tokenizes the PAN so the raw card numbers are never stored. VPC Service Controls creates a service perimeter around the payment projects so that data cannot be exfiltrated from the secure environment. Strict IAM policies with custom roles enforce least privilege. Audit logging and encryption in transit (HTTPS) are mandatory controls, not optional ones.

Common mistakes

Assuming that internal networks do not need encryption (F). Zero-trust architecture and PCI-DSS require encryption in transit everywhere, including service-to-service traffic inside the VPC.

Source: GCP Professional Cloud Architect Practice Exam 3
