Exam Professional Cloud Security Engineer topic 1 question 45 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 45
Topic #: 1

A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.
What technique should the institution use?

  • A. Use Cloud Storage as a federated Data Source.
  • B. Use a Cloud Hardware Security Module (Cloud HSM).
  • C. Customer-managed encryption keys (CMEK).
  • D. Customer-supplied encryption keys (CSEK).
Suggested Answer: C

Comments

Ganshank
Highly Voted 4 years, 6 months ago
CSEK is only supported in Google Cloud Storage and Compute Engine, therefore D cannot be the right answer. Ideally, it would be client-side encryption, with BigQuery providing another round of encryption of the encrypted data - https://cloud.google.com/bigquery/docs/encryption-at-rest#client_side_encryption, but since that is not one of the options, we can go with C as the next best option.
upvoted 19 times
smart123
4 years, 5 months ago
Option 'C' is correct. Option 'D' is not correct as CSEK is a feature in Google Cloud Storage and Google Compute Engine only.
upvoted 5 times
SQLbox
Most Recent 2 months, 2 weeks ago
Correct answer is b
upvoted 1 times
crazycosmos
3 months, 3 weeks ago
Selected Answer: D
I prefer D for max control.
upvoted 1 times
SQLbox
4 months ago
Correct answer is D.
D. Customer-supplied encryption keys (CSEK).
Here's an explanation of why CSEK is the best choice and a brief review of the other options:
Customer-supplied encryption keys (CSEK): CSEK allows the institution to manage their own encryption keys and supply these keys to Google Cloud Platform when needed. This provides maximum control over the encryption process because the institution retains possession of the encryption keys and can rotate, revoke, or replace them as desired.
upvoted 1 times
Ishu_awsguy
1 year, 5 months ago
Why not Cloud HSM? Maximum control over keys.
upvoted 1 times
Ishu_awsguy
1 year, 5 months ago
Sorry, from HSM the keys become customer-supplied encryption keys, which are not supported. Ans is customer-managed encryption keys.
upvoted 1 times
AwesomeGCP
2 years, 1 month ago
Selected Answer: C
C. Customer-managed encryption keys (CMEK).
upvoted 3 times
DebasishLowes
3 years, 8 months ago
Ans : C
upvoted 2 times
Aniyadu
3 years, 10 months ago
I feel C is the right answer. If the customer wants to manage the keys from on-premises, then D would be correct.
upvoted 3 times
[Removed]
4 years ago
Ans - C
upvoted 3 times
saurabh1805
4 years, 1 month ago
C is the correct answer as CSEK is not available for BigQuery.
upvoted 2 times
MohitA
4 years, 3 months ago
C is the right answer as CSEK is only available for CS and CE's
upvoted 1 times
aiwaai
4 years, 3 months ago
Correct Answer: C
upvoted 2 times
ArizonaClassics
4 years, 3 months ago
C is the RIGHT ONE!!! If you want to manage the key encryption keys used for your data at rest, instead of having Google manage the keys, use Cloud Key Management Service to manage your keys. This scenario is known as customer-managed encryption keys (CMEK). https://cloud.google.com/bigquery/docs/encryption-at-rest
upvoted 2 times
ArizonaClassics
4 years, 3 months ago
ALSO READ : https://cloud.google.com/bigquery/docs/customer-managed-encryption
upvoted 2 times
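An added example, not part of the original discussion: a CMEK audit over BigQuery table resources in the shape `bq show --format=json` returns, flagging tables that fall back to Google-managed encryption or whose Cloud KMS key sits in a different location than the data. The project, dataset and key names are constructed sample values, and the "approved key projects" policy is an assumption of this example.

```python
import re

# Cloud KMS CryptoKey resource name, as stored in a table's
# encryptionConfiguration.kmsKeyName field.
KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)$"
)

def audit_table(table, approved_key_projects):
    """Return a list of CMEK findings for one BigQuery table resource (dict)."""
    ref = table.get("tableReference", {})
    name = "{}.{}.{}".format(ref.get("projectId"), ref.get("datasetId"), ref.get("tableId"))
    key_name = (table.get("encryptionConfiguration") or {}).get("kmsKeyName")
    if not key_name:
        return [f"{name}: no CMEK, Google-managed default encryption in use"]
    m = KEY_RE.match(key_name)
    if not m:
        return [f"{name}: malformed kmsKeyName {key_name!r}"]
    findings = []
    # The key must live in the same location as the data (compare case-insensitively).
    table_loc = str(table.get("location", "")).lower()
    if m["location"].lower() != table_loc:
        findings.append(f"{name}: key location {m['location']!r} != table location {table_loc!r}")
    # Assumed policy: keys are held in a dedicated project, separate from the data.
    if m["project"] not in approved_key_projects:
        findings.append(f"{name}: key project {m['project']!r} is not approved")
    return findings

def audit(tables, approved_key_projects):
    """Flatten findings across all tables."""
    return [f for t in tables for f in audit_table(t, approved_key_projects)]

# Constructed sample input (not real resources).
KEY = "projects/kms-prj/locations/us/keyRings/bq/cryptoKeys/risk-key"
SAMPLE_TABLES = [
    {"tableReference": {"projectId": "analytics-prj", "datasetId": "risk", "tableId": "trades"},
     "location": "US", "encryptionConfiguration": {"kmsKeyName": KEY}},
    {"tableReference": {"projectId": "analytics-prj", "datasetId": "risk", "tableId": "positions"},
     "location": "US"},
    {"tableReference": {"projectId": "analytics-prj", "datasetId": "eu_risk", "tableId": "ledger"},
     "location": "EU", "encryptionConfiguration": {"kmsKeyName": KEY}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_TABLES, {"kms-prj"}):
        print(finding)
```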
ranjeetpatil
4 years, 5 months ago
Ans is C. BigQuery does not support CSEK. https://cloud.google.com/security/encryption-at-rest
upvoted 4 times
srinidutt
4 years, 6 months ago
I also feel D is right
upvoted 1 times
xhova
4 years, 7 months ago
Answer is D. For max control you don't want to store the Key with Google.
upvoted 3 times
jonclem
4 years, 8 months ago
For maximum control surely D is the correct answer. CSEK: https://cloud.google.com/security/encryption-at-rest/customer-supplied-encryption-keys CMEK: https://cloud.google.com/bigquery/docs/encryption-at-rest
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other