Which Cloud Data Loss Prevention API technique should you use to accomplish this?

An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.

Which Cloud Data Loss Prevention API technique should you use to accomplish this?
A . Generalization
B . Redaction
C . CryptoHashConfig
D . CryptoReplaceFfxFpeConfig

Answer: D

Explanation:

De-identifying sensitive data Cloud Data Loss Prevention (DLP) can de-identify sensitive data in text content, including text stored in container structures such as tables. De-identification is the process of removing identifying information from data. The API detects sensitive data such as personally identifiable information (PII), and then uses a de-identification transformation to mask, delete, or otherwise obscure the data. For example, de-identification techniques can include any of the following: Masking sensitive data by partially or fully replacing characters with a symbol, such as an asterisk (*) or hash (#). Replacing each instance of sensitive data with a token, or surrogate, string. Encrypting and replacing sensitive data using a randomly generated or pre-determined key. When you de-identify data using the CryptoReplaceFfxFpeConfig or CryptoDeterministicConfig infoType transformations, you can re-identify that data, as long as you have the CryptoKey used to originally de-identify the data. https://cloud.google.com/dlp/docs/deidentify-sensitive-data