Your organization has an internet-facing application behind a load balancer. Your regulators require end-to-end encryption of user login credentials. You must implement this requirement. What should you do?
A.
Generate a symmetric key with Cloud KMS. Encrypt client-side user credentials by using the symmetric key.
B.
Concatenate the credential with a timestamp. Submit the timestamp and hashed value of credentials to the network.
C.
Deploy the TLS certificate at Google Cloud Global HTTPs Load Balancer, and submit the user credentials through HTTPs.
D.
Generate an asymmetric key with Cloud KMS. Encrypt client-side user credentials using the public key.
Initially I was with D however it then didn't seem very scalable option. I believe this is now Answer C. The load balancer would decrypt the connection to inspect the packets at L7 but would re-encrypt it (SSL bridging) for full end to end encryption.
https://cloud.google.com/docs/security/encryption-in-transit#transport_layer_security
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
zanhsieh
1 week, 2 days agoMoAk
1 month agof36bdb5
1 month, 1 week agoMoAk
3 weeks, 4 days agojmaquino
1 month, 3 weeks agoyokoyan
3 months, 2 weeks ago