You want to ensure that no sensitive information is being stored in any of your Cloud Storage buckets. Which GCP service would you use to periodically scan your buckets to check for compliance?
Choose an answer
Tap an option to check your answer.
Correct answer: Data Loss Prevention API.
Why this is the answer
The Data Loss Prevention (DLP) API is the correct choice because it is specifically designed to discover, classify, and protect sensitive data. It can scan Cloud Storage buckets (among other data sources) for predefined or custom sensitive information types, such as personally identifiable information (PII), financial data, or credentials, helping ensure compliance. Cloud Armor provides DDoS protection and WAF capabilities, not data scanning. Cloud Audit Logs record administrative activities and access events, but don't scan data content. VPC Service Controls create security perimeters around resources to prevent data exfiltration, but don't scan data within storage. BigQuery Data Transfer Service automates data movement into BigQuery, which is unrelated to scanning for sensitive data in Cloud Storage.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed