Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 74 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 74
Topic #: 1
[All Professional Cloud Security Engineer Questions]

What are the steps to encrypt data using envelope encryption?
A.
✑ Generate a data encryption key (DEK) locally.
✑ Use a key encryption key (KEK) to wrap the DEK.
✑ Encrypt data with the KEK.
✑ Store the encrypted data and the wrapped KEK.
B.
✑ Generate a key encryption key (KEK) locally.
✑ Use the KEK to generate a data encryption key (DEK).
✑ Encrypt data with the DEK.
✑ Store the encrypted data and the wrapped DEK.
C.
✑ Generate a data encryption key (DEK) locally.
✑ Encrypt data with the DEK.
✑ Use a key encryption key (KEK) to wrap the DEK.
✑ Store the encrypted data and the wrapped DEK.
D.
✑ Generate a key encryption key (KEK) locally.
✑ Generate a data encryption key (DEK) locally.
✑ Encrypt data with the KEK.
Store the encrypted data and the wrapped DEK.

Show Suggested Answer Hide Answer
Suggested Answer: C
Reference:
https://cloud.google.com/kms/docs/envelope-encryption
by Tabayashi at April 29, 2022, 2:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Tabayashi
Highly Voted 2 years, 7 months ago
Answer is (C). The process of encrypting data is to generate a DEK locally, encrypt data with the DEK, use a KEK to wrap the DEK, and then store the encrypted data and the wrapped DEK. The KEK never leaves Cloud KMS. https://cloud.google.com/kms/docs/envelope-encryption#how_to_encrypt_data_using_envelope_encryption
upvoted 19 times
AzureDP900
2 years ago
C is right
upvoted 3 times
...
...
Mr_MIXER007
Most Recent 2 months, 4 weeks ago
Answer is (C).
upvoted 1 times
...
desertlotus1211
1 year, 2 months ago
Answer is C; https://cloud.google.com/kms/docs/envelope-encryption#:~:text=decrypt%20data%20directly.-,How%20to%20encrypt%20data%20using%20envelope%20encryption,data%20and%20the%20wrapped%20DEK.
upvoted 3 times
...
Appsec977
1 year, 6 months ago
C is the correct solution because KEK is never generated on the client's side, KEK is stored in GCP.
upvoted 4 times
...
AwesomeGCP
2 years, 1 month ago
Answer - C is correct. https://cloud.google.com/kms/docs/envelope-encryption#how_to_encrypt_data_using_envelope_encryption
upvoted 3 times
...
[Removed]
2 years, 2 months ago
C it is
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel