Question-16: The Payment Card Industry (PCI) is a subset of the financial industry that is responsible for regulating the use of all electronic payment methods. Your application needs to process credit card transactions. You want the smallest possible scope of PCI compliance without compromising your ability to analyse transactional data and trends relating to which payment methods are used. The PCI scope of a company or organisation encompasses all people, processes, and technologies that touch cardholder data, meaning they interact with it or affect its security. If you have a good understanding of the PCI scope, you will be able to ensure that the software products you sell help improve payment security for both you and your customers. How should you design your architecture?
A. Build a tokenizer service and make sure to save just to
B. Make separate projects that are only responsible for processing credit card information.
C. Establish distinct subnetworks, and then isolate the components that handle credit processing.
D. Labeling all of the virtual machines (VMs) that process PCI data will help streamline the audit discovery phase and make it more efficient.
E. Enable the export of logs to Google BigQuery, and make use of access control lists and views to limit the scope of the information that is shared with the auditor.
Correct Answer


: 1
Explanation: PCI DSS Audit for my project and that's the best suited case. 100% sure to use tokenised data instead of actual card number.
But with A you cannot extract statistics. That is the second requirement.
You can, as the generated token for a given credit card would be the same (generally, but there are approaches which can give you a different token for the same sensitive data input). The only thing that you won't know is the actual card number, which is not required for the trend analysis. When the trend analysis involves referential integrity, the tokenization process becomes challenging, but once data is tokenized correctly you should still be able to perform any kind of analysis.
Analyzing transactions does not require the credit card number, I guess. Only the amount of the transaction or balance is needed.
We also perform something similar with transactional data with tokenized PII information. So CC can be tokenized. So the answer should be Option-1.
PCI DSS compliance can be a pain; tokenisation is one way of dealing with it.
Option-1 Tokenization: A process that replaces the primary account number (PAN) with a surrogate value called a token. The PAN is then stored in a secure lookup. De-tokenization is the reverse process of looking up a PAN by its token.
In this question, the analysis is on the payment method. Thus sensitive information like credit card number, holder name, etc. is not needed for the analysis, but also should not be visible to the analyzer. Therefore, it makes perfect sense to tokenize this sensitive information while not affecting the purpose to analyze the payment method. In this sense, Option-4 is not correct since BigQuery ACL can only control access at the table level, not at column level.
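The tokenize, secure lookup and de-tokenize flow described above, with payment-method analysis run only on tokenized rows, as an added example that is not part of the original page. The `Tokenizer` class, the `payment_trends` helper, the demo key and the keyed-HMAC token format are assumptions chosen for illustration; the card numbers are standard test numbers in constructed sample data.

```python
import hashlib
import hmac
from collections import Counter


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so malformed input is rejected before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class Tokenizer:
    """Hypothetical tokenizer service: the only component that sees PANs."""

    def __init__(self, key: bytes):
        self._key = key      # assumption: the key never leaves the tokenizer
        self._vault = {}     # token -> PAN, stands in for the secure lookup

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid PAN")
        # Keyed and deterministic: the same PAN always maps to the same token.
        mac = hmac.new(self._key, digits.encode(), hashlib.sha256).hexdigest()
        token = "tok_" + mac[:32]
        self._vault[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]


def payment_trends(rows):
    """Runs outside the tokenizer, on tokenized rows only."""
    by_method = Counter(r["method"] for r in rows)
    repeat_cards = sum(1 for n in Counter(r["token"] for r in rows).values() if n > 1)
    return by_method, repeat_cards


# Constructed sample data using well-known test card numbers.
tok = Tokenizer(key=b"constructed-demo-key")
RAW = [("4111 1111 1111 1111", "visa", 25.00),
       ("5555-5555-5555-4444", "mastercard", 40.00),
       ("4111111111111111", "visa", 12.50)]
ROWS = [{"token": tok.tokenize(p), "method": m, "amount": a} for p, m, a in RAW]
```

Because the token is deterministic, the analytics side can count repeat use of a card and group by payment method without ever holding a PAN; only the tokenizer and its lookup store handle card numbers.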