Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 287 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 287
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You work for a banking organization. You are migrating sensitive customer data to Google Cloud that is currently encrypted at rest while on-premises. There are strict regulatory requirements when moving sensitive data to the cloud. Independent of the cloud service provider, you must be able to audit key usage and be able to deny certain types of decrypt requests. You must choose an encryption strategy that will ensure robust security and compliance with the regulations. What should you do?

  • A. Utilize Google default encryption and Cloud IAM to keep the keys within your organization's control.
  • B. Implement Cloud External Key Manager (Cloud EKM) with Access Approval, to integrate with your existing on-premises key management solution.
  • C. Implement Cloud External Key Manager (Cloud EKM) with Key Access Justifications to integrate with your existing one premises key management solution.
  • D. Utilize customer-managed encryption keys (CMEK) created in a dedicated Google Compute Engine instance with Confidential Compute encryption, under your organization's control.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by yokoyan at Sept. 6, 2024, 1:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
KLei
4 days, 10 hours ago
Selected Answer: B
C does not offer the same level of access control as Access Approval, which is critical for denying unauthorized decrypt requests.
upvoted 1 times
...
dv1
1 month ago
Selected Answer: C
Key Access Justifications does what the question asks for.
upvoted 3 times
...
json4u
1 month, 1 week ago
Answer is C. - Access Approval : This lets you control access to your organization's data by Google personnel. - Key Access Justifications : This provides a justification for every request to access keys stored in an external key manager.
upvoted 3 times
...
yokoyan
2 months, 2 weeks ago
Selected Answer: B
I think it's B.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel