exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam

Exam Professional Cloud Security Engineer topic 1 question 294 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 294
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your organization has an internet-facing application behind a load balancer. Your regulators require end-to-end encryption of user login credentials. You must implement this requirement. What should you do?

  • A. Generate a symmetric key with Cloud KMS. Encrypt client-side user credentials by using the symmetric key.
  • B. Concatenate the credential with a timestamp. Submit the timestamp and hashed value of credentials to the network.
  • C. Deploy the TLS certificate at Google Cloud Global HTTPs Load Balancer, and submit the user credentials through HTTPs.
  • D. Generate an asymmetric key with Cloud KMS. Encrypt client-side user credentials using the public key.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
zanhsieh
1 week, 2 days ago
Selected Answer: D
I take D. End-to-end encryption should overweight scalability as the question described as "require".
upvoted 1 times
...
MoAk
1 month ago
Selected Answer: C
Initially I was with D however it then didn't seem very scalable option. I believe this is now Answer C. The load balancer would decrypt the connection to inspect the packets at L7 but would re-encrypt it (SSL bridging) for full end to end encryption. https://cloud.google.com/docs/security/encryption-in-transit#transport_layer_security
upvoted 1 times
...
f36bdb5
1 month, 1 week ago
Selected Answer: D
In case of C, the Load Balancer would strip the TLS connection, making it not end to end.
upvoted 1 times
MoAk
3 weeks, 4 days ago
Negative, LBs can indeed carry out SSL bridging.
upvoted 1 times
...
...
jmaquino
1 month, 3 weeks ago
Selected Answer: C
C:
upvoted 2 times
...
yokoyan
3 months, 2 weeks ago
Selected Answer: C
I think it's C.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago