チェックポイント
Redacting sensitive data from text content
/ 20
Create de-identify templates
/ 40
Configure job triggger and run dlp inspection
/ 40
Get Started with Sensitive Data Protection: Challenge Lab
ARC116
Overview
In a challenge lab you’re given a scenario and a set of tasks. Instead of following step-by-step instructions, you will use the skills learned from the labs in the course to figure out how to complete the tasks on your own! An automated scoring system (shown on this page) will provide feedback on whether you have completed your tasks correctly.
When you take a challenge lab, you will not be taught new Google Cloud concepts. You are expected to extend your learned skills, like changing default values and reading and researching error messages to fix your own mistakes.
To score 100% you must successfully complete all tasks within the time period!
Setup and requirements
Before you click the Start Lab button
Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.
This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.
To complete this lab, you need:
- Access to a standard internet browser (Chrome browser recommended).
- Time to complete the lab---remember, once you start, you cannot pause a lab.
Challenge scenario
You are working as a junior cloud engineer in your organization. You're part of a team of cloud engineers assigned to using Sensitive Data Protection API's powerful detection engine to protect and screen for personally identifiable information (PII) and other privacy-sensitive data. As part of this project, you are asked to use the Sensitive Data Protection service in Google Cloud to redact sensitive information from text, de-identify sensitive data, and create a DLP template to use for inspecting data.
You are expected to have the skills and knowledge for the tasks that follow.
Your challenge
For this challenge, you have been tasked with redacting and de-identifying sensitive information, and creating templates to inspect structured and unstructured data.
You need to:
- Inspect strings and files to perform de-identification.
- Create de-identification inspection templates.
- Configure a job trigger to run DLP inspections.
Each task is described in detail below, good luck!
Task 1. Redact sensitive data from text content
To complete this task, set an environmental variable for your project ID and obtain an authorization token in Cloud Shell.
-
Create a JSON file called
redact-request.json
using the code that follows and usecurl
to make acontent:deidentify
request. -
Save the
curl
command output in a file calledredact-response.txt
. -
Upload the output file,
redact-response.txt
, to the Cloud Storage Bucket.
Click Check my progress to verify the objective.
Task 2. Create DLP inspection templates
For this task, you create two de-identification templates that are used to inspect structured and unstructured data, respectively.
- Create a de-identify template for structured data with the name
structured_data_template
(in Global (any region)) that has two transformation rules:
a. First transformation rule:
Parameter | Configuration |
---|---|
Transformation Rule fields | bank name, zip code |
Transformation type | Primitive field transformation |
Transformation method | Mask with character |
Masking Character | # |
Mask all characters | Enable mask all characters checkbox and do not ignore any characters |
b. Second transformation rule:
Parameter | Configuration |
---|---|
Transformation Rule fields | message |
Transformation type | Match on infoType |
Transformation method | Replace with infoType name |
- Create a de-identify template for unstructured data with the name
unstructured_data_template
(in Global (any region)), configured as:
Parameter | Configuration |
---|---|
Transformation Rule | Replace |
String value | [redacted] |
Click Check my progress to verify the objective.
Task 3. Configure a job trigger to run DLP inspection
For this task, you configure a job trigger to run the Cloud Data Loss Prevention API. A few sample files have been provided for you in the Cloud Storage Bucket named
.
- Create a DLP inspection job trigger named
dlp_job
(in Global (any region)).
Parameter | Configuration |
---|---|
Storage type | Cloud Storage |
Location Type | Scan a bucket with optional include/exclude rules. |
Cloud Storage Input location | |
Percentage of included objects scanned within the bucket | 100% |
Sampling method | No sampling |
Actions | Toggle Make a de-identify copy. Enter the names of the two templates that you created into the appropriate boxes |
Cloud Storage output location | |
Schedule | Create a trigger to run the job on a periodic schedule (Weekly) |
- Run DLP inspection and explore the various folders and files in the Cloud Storage Bucket
to verify the redacted data.
Click Check my progress to verify the objective.
Congratulations!
You have successfully redacted sensitive data from text to de-identify it, created a DLP inspection template, and configured a job trigger to perform de-identification and review the results.
Google Cloud training and certification
...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.
Manual Last Updated October 3, 2024
Lab Last Tested June 26, 2024
Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.