Securely Capture and Prevent Leaking of PII Logs | PCDE Exam Question Solution

Capture and Prevent Leaking of Personally Identifiable Information (PII) Logs

Question

You are running an application on Compute Engine and collecting logs through Stackdriver.

You discover that some personally identifiable information (PII) is leaking into certain log entry fields.

All PII entries begin with the text userinfo.

You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging.

What should you do?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A.

The correct answer to this question is A: Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

Explanation: The problem described in the question is that personally identifiable information (PII) is leaking into certain log entry fields that are being collected by Stackdriver. To address this issue, we need to capture the log entries containing PII in a secure location for later review and prevent them from leaking to Stackdriver Logging.

Option A is the correct answer because it suggests the following steps:

  1. Create a basic log filter that matches userinfo. This filter will capture all log entries that contain the text "userinfo".

  2. Configure a log export in the Stackdriver console. This will allow us to send the log entries that match our filter to a different location, rather than sending them to Stackdriver Logging.

  3. Use Cloud Storage as the sink for the log export. This will ensure that the log entries are sent to a secure location where they can be stored and reviewed later.

By following these steps, we can capture the log entries containing PII in a secure location while preventing them from being sent to Stackdriver Logging.

Option B is incorrect because it suggests using a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copying the entries to a Cloud Storage bucket. While this approach would remove the PII from the log entries, it does not address the requirement to capture the log entries in a secure location for later review.

Option C is incorrect because it suggests creating an advanced log filter matching userinfo, configuring a log export in the Stackdriver console with Cloud Storage as a sink, and then configuring a log exclusion with userinfo as a filter. While this approach would capture the log entries containing PII in a secure location, it also suggests configuring a log exclusion with userinfo as a filter. This could result in some log entries containing important information being excluded from Stackdriver Logging.

Option D is incorrect because it suggests using a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, creating an advanced log filter matching userinfo, and then configuring a log export in the Stackdriver console with Cloud Storage as a sink. This approach is similar to option B and suffers from the same issue of not capturing the log entries containing PII in a secure location for later review.