Topic 3 Question 1
For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. You need to implement a custom card tokenization service that meets the following requirements:
- It must provide low latency at minimal cost.
- It must be able to identify duplicate credit cards and must not store plaintext card numbers.
- It should support annual key rotation.
Which storage approach should you adopt for your tokenization service?
A. Store the card data in Secret Manager after running a query to identify duplicates.
B. Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.
C. Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.
D. Use column-level encryption to store the data in Cloud SQL.
Comments (17)
Answer would be B
https://cloud.google.com/community/tutorials/pci-tokenizer
Deterministic output means that a given set of inputs (card number, expiration, and userID) will always generate the same token. This is useful if you want to rely on the token value to deduplicate your token stores. You can simply match a newly generated token to your existing catalog of tokens to determine whether the card has been previously stored. Depending on your application architecture, this can be a very useful feature. However, this could also be accomplished using a salted hash of the input values.
https://cloud.google.com/architecture/tokenizing-sensitive-cardholder-data-for-pci-dss Firestore is the next major version of Datastore. Firestore can run in Datastore mode, which uses the same API as Datastore and scales to millions of writes per second,
👍 27 Neo_ACE 2021/11/15
Got this question in my exam, answered B
👍 17 technodev 2022/01/19
- Selected answer: B
Had this question on my exam.
👍 5 mad314 2022/04/25
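Added example, not from the original page or the linked tutorial: a sketch of how deterministic tokens give duplicate detection without storing the card number, and what annual key rotation does to that lookup. It swaps in HMAC-SHA256 (a keyed hash, in the spirit of the "salted hash" alternative quoted above) for deterministic encryption and an in-memory dict for Firestore; the `TokenVault` class, key values and card number are constructed for illustration.

```python
import hashlib
import hmac


class TokenVault:
    """Deterministic tokens for duplicate detection; a dict stands in for the datastore."""

    def __init__(self, version, key):
        self.keys = {version: key}   # key version -> secret bytes (old versions are kept)
        self.current = version
        self.records = {}            # token -> metadata; the card number is never stored

    def rotate(self, version, key):
        """Annual rotation: new tokens use the new key, old keys stay for matching."""
        self.keys[version] = key
        self.current = version

    def _token(self, version, pan, expiry, user_id):
        # Length-prefix every field so ("12", "3") and ("1", "23") cannot collide.
        fields = (pan.encode(), expiry.encode(), user_id.encode())
        msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        digest = hmac.new(self.keys[version], msg, hashlib.sha256).hexdigest()
        return f"v{version}.{digest}"

    def tokenize(self, pan, expiry, user_id):
        """Return (token, is_duplicate) for a card number, expiration and user ID."""
        pan = "".join(ch for ch in pan if ch.isdigit())  # "4111 1111..." == "4111-1111..."
        # A token only matches under the key that produced it, so after a
        # rotation the lookup has to try every retained key version.
        for version in self.keys:
            candidate = self._token(version, pan, expiry, user_id)
            if candidate in self.records:
                return candidate, True
        token = self._token(self.current, pan, expiry, user_id)
        self.records[token] = {"user_id": user_id, "key_version": self.current}
        return token, False


if __name__ == "__main__":
    # Constructed sample data: test card number and throwaway keys.
    vault = TokenVault(1, b"constructed-key-year-1")
    print(vault.tokenize("4111 1111 1111 1111", "12/30", "user-1"))
    vault.rotate(2, b"constructed-key-year-2")
    print(vault.tokenize("4111-1111-1111-1111", "12/30", "user-1"))  # same token, True
```

Because the token is a keyed hash, it cannot be reversed to the card number; a vault that must recover the number for billing would store ciphertext alongside the token, which this sketch leaves out.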