Exam Professional Cloud Security Engineer topic 1 question 273 discussion

In general, the CMEK key does not encrypt metadata associated with your operation, like the job's name and region, or a dataset's display name. Metadata associated with operations is always encrypted using Google's default encryption mechanism. https://cloud.google.com/vertex-ai/docs/general/cmek

C sounds right https://cloud.google.com/vertex-ai/docs/general/cmek#resources In general, the CMEK key does not encrypt metadata associated with your operation, like the job's name and region, or a dataset's display name. Metadata associated with operations is always encrypted using Google's default encryption mechanism.

Ans is C Guys before recommending an answer please read the doc. In general, the CMEK key does not encrypt metadata associated with your operation, like the job's name and region, or a dataset's display name. Metadata associated with operations is always encrypted using Google's default encryption mechanism. https://cloud.google.com/vertex-ai/docs/general/cmek#benefits

C seems best. NOT B: "In general, the CMEK key does not encrypt metadata associated with your operation" NOT D: "If you want to control your encryption keys, then you can use customer-managed encryption keys (CMEKs) " https://cloud.google.com/vertex-ai/docs/general/cmek#resources

B is correct. D looks good but uses Google Managed Encryption Keys which violates the requirement of control the encryption resources outlined in the question.

Option D enforces that all supported data types must be encrypted by key materials that reside in the Europe region.

Answer is C The CMEK key doesn't encrypt metadata, like the instance's name and region, associated with your Vertex AI Workbench instance. Metadata associated with Vertex AI Workbench instances is always encrypted using Google's default encryption mechanism.

I think it's B.