Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 309 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 309
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your development team is launching a new application. The new application has a microservices architecture on Compute Engine instances and serverless components, including Cloud Functions. This application will process financial transactions that require temporary, highly sensitive data in memory. You need to secure data in use during computations with a focus on minimizing the risk of unauthorized access to memory for this financial application. What should you do?

  • A. Enable Confidential VM instances for Compute Engine, and ensure that relevant Cloud Functions can leverage hardware-based memory isolation.
  • B. Use data masking and tokenization techniques on sensitive financial data fields throughout the application and the application's data processing workflows.
  • C. Use the Cloud Data Loss Prevention (Cloud DLP) API to scan and mask sensitive data before feeding the data into any compute environment.
  • D. Store all sensitive data during processing in Cloud Storage by using customer-managed encryption keys (CMEK), and set strict bucket-level permissions.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by abdelrahman89 at Oct. 4, 2024, 10:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
json4u
1 month, 1 week ago
Selected Answer: A
It's A. Well explained in abdelrahman89's comment.
upvoted 1 times
...
abdelrahman89
1 month, 2 weeks ago
A - Confidential VMs: Using Confidential VMs provides a strong security boundary around the memory of the VM instances, protecting sensitive data from unauthorized access, even if the VM is compromised. Hardware-Based Memory Isolation: Leveraging hardware-based memory isolation ensures that the data within the VM's memory is protected by hardware-enforced mechanisms, making it significantly more difficult for attackers to access. Comprehensive Protection: This approach provides a comprehensive solution for securing data in use, as it combines both software-based (Confidential VMs) and hardware-based (memory isolation) protections.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel