Quick Answer

The answer is Cloud DLP and Confidential VMs. Cloud DLP is correct because it de-identifies sensitive data—using techniques like masking, tokenization, or redaction—before sharing it with external partners, enforcing data minimization and least privilege. Confidential VMs are correct because they encrypt data in use during training, ensuring that even if an external collaborator has access to the compute environment, the raw sensitive data remains protected by hardware-based memory encryption. On the Google Professional Machine Learning Engineer exam, this pairing tests your understanding of the two distinct privacy layers: data at rest/in transit (Cloud DLP for pre-sharing anonymization) and data in use (Confidential VMs for secure computation). A common trap is to choose only one method, but the question explicitly asks for two complementary controls. Memory tip: “DLP before you share, VMs while you train.”

PMLE Practice Question: Collaborating within and across teams to manage data and models

This PMLE practice question tests your understanding of collaborating within and across teams to manage data and models. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Which TWO of the following are recommended methods to ensure data privacy when collaborating with external partners on ML projects?

Question 1 · medium · multi-select

Correct answer & explanation

Use Cloud DLP to de-identify data before sharing.

Cloud DLP (Data Loss Prevention) is a recommended method to de-identify sensitive data before sharing it with external partners. It can automatically detect and mask, tokenize, or redact PII, PCI, or other sensitive elements, ensuring that only anonymized data leaves your environment. This aligns with the principle of least privilege and data minimization for external collaboration.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Use Vertex AI Feature Store with access controls.

    Why it's wrong here

    Feature Store is for features, not raw data sharing.

  • Use Cloud DLP to de-identify data before sharing.

    Why this is correct

    DLP can redact, tokenize, or mask sensitive data.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Grant the partner project's service account direct access to the raw data in BigQuery.

    Why it's wrong here

    Direct access to raw data violates privacy best practices.

  • Use Confidential VMs for training with sensitive data.

    Why this is correct

    Confidential VMs protect data in use via encryption.

  • Share data via email.

    Why it's wrong here

    Email is insecure and not suitable for large data.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Google Cloud often tests the misconception that access controls alone (like IAM or Feature Store ACLs) are sufficient for data privacy with external partners, but the key requirement is de-identification or encryption in use, not just authorization.

Detailed technical explanation

How to think about this question

Cloud DLP uses inspection jobs with infoType detectors (e.g., EMAIL_ADDRESS, CREDIT_CARD_NUMBER) and can apply transformations like masking with a character replacement or tokenization with a deterministic or cryptographic key. When used with BigQuery, DLP can create de-identified tables via the DLP API's `deidentify` method, which preserves data utility for ML training while removing direct identifiers. Confidential VMs leverage AMD SEV-ES (Secure Encrypted Virtualization) to encrypt memory in use, protecting data during training even from the host OS or hypervisor, which is critical when external partners have access to the compute environment.
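The difference between masking and deterministic tokenization described above, as an added example that runs locally and is not Cloud DLP API code or code from the original page. The regexes, key and sample rows are constructed stand-ins for the EMAIL_ADDRESS and CREDIT_CARD_NUMBER detectors and for a managed key.

```python
import hashlib
import hmac
import re

# Constructed patterns standing in for the two infoType detectors.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_card(match):
    """Masking: replace all but the last four digits with '#'. Not reversible."""
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()  # e.g. an order number; leave untouched
    return "#" * (len(digits) - 4) + digits[-4:]

def tokenize(value, key, label):
    """Deterministic tokenization: same input and key give the same token,
    so joins and group-bys on the column still work for training."""
    mac = hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()
    return f"{label}({mac[:16]})"

def deidentify(text, key):
    text = CARD_RE.sub(mask_card, text)
    return EMAIL_RE.sub(lambda m: tokenize(m.group(), key, "EMAIL"), text)

KEY = b"constructed-demo-key"  # assumption: a real key would come from a KMS
ROWS = [  # constructed sample records
    "alice@example.com paid with 4111 1111 1111 1111",
    "order 1234567890123 shipped to Alice@Example.com",
    "bob@example.org paid with 5500-0000-0000-0004",
]

def deidentify_rows(rows=ROWS, key=KEY):
    return [deidentify(r, key) for r in rows]

if __name__ == "__main__":
    for row in deidentify_rows():
        print(row)
```

The partner can still link the first two rows to the same customer through the token, but cannot recover the address without the key, and the key never leaves the data owner's environment.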

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A company's IT admin needs to give a contractor read-only access to production logs without sharing account credentials. Using role-based access control (RBAC) and temporary scoped permissions — not a permanent shared password — is the correct pattern. Questions like this test whether you can apply least-privilege access across cloud identity services.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

FAQ

Questions learners often ask

What does this PMLE question test?

This question tests collaborating within and across teams to manage data and models. Read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Use Cloud DLP to de-identify data before sharing. — Cloud DLP (Data Loss Prevention) is a recommended method to de-identify sensitive data before sharing it with external partners. It can automatically detect and mask, tokenize, or redact PII, PCI, or other sensitive elements, ensuring that only anonymized data leaves your environment. This aligns with the principle of least privilege and data minimization for external collaboration.

What should I do if I get this PMLE question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Jun 30, 2026
