Practice Test 1 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test
One of your clients are storing highly sensitive data on Google Cloud Storage, they strictly adhere to their compliance, hence they do not want their keys to be stored in a cloud, please suggest them the right choice of encryption.
A. Google recommends the usage of Cloud External Key Manager (Cloud EKM)
B. All objects on Google Storage are encrypted by default hence additional encryption isn’t required
C. Give your Cloud Storage service account access to an encryption key, that service account encrypts
D. Google recommends the usage of cloud KMS for storing CMEK.
Correct Answer – A
Option A is the correct choice because the client doesn’t want to store the encryption keys on Google Cloud. With Cloud EKM, you can use keys that you manage within a supported external key management partner to protect data within Google Cloud.
Option B is incorrect because, even though All objects on Google Storage are encrypted by default, the client is storing sensitive data and hence default encryption isn’t the best option. https://cloud.google.com/security/encryption-at-rest/
Option C is incorrect because giving your Cloud Storage service account access to an encryption key, that the service account encrypts comes under Customer-Managed Encryption Keys, these keys are stored in Google cloud, hence not the correct choice here.
Option D is incorrect because, in a customer-managed encryption key, your encryption keys are stored within Cloud KMS. The client doesn’t want to store keys on the Cloud.
Reference:
Comments are closed, but trackbacks and pingbacks are open.