Domain 3: Designing for Security and Compliance — GCP PCA Practice Question 44

How to approach this question

Identify standard security best practices: Tokenization (DLP), Perimeter Security (VPC SC), and Least Privilege (IAM). Reject anything that reduces security (HTTP, disabling logs, broad access).

Full Answer

A,C,E

Achieving PCI-DSS compliance on GCP requires a defense-in-depth approach. Cloud DLP tokenizes the data so raw numbers aren't stored. VPC Service Controls creates a network perimeter to prevent data from leaving the secure environment. Strict IAM policies enforce least privilege. Audit logging and encryption in transit (HTTPS) are mandatory, not optional.

Common mistakes

Assuming internal networks don't need encryption (F). Zero-trust architecture and PCI-DSS require encryption everywhere.

Your company is building a payment processing system on GCP that must comply with PCI-DSS. Which THREE architectural practices should you implement to help achieve and maintain compliance? (Select THREE)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 3

More questions from this exam