# Professional-Cloud-Security-Engineer — Question 426

**Type:** multiple_choice
**Topics:** topic_1

## Question

You need to implement an encryption at-rest strategy that reduces key management complexity for non-sensitive data and protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule. FIPS 140-2 L1 compliance is required for all data types. What should you do?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: D
Both B and D seem correct tbh. D might be "more correct" depending on the interpretation.

"reduces key management complexity for non-sensitive data" - Google default encryption
"protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule" - Customer Managed Key

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/google/Professional-Cloud-Security-Engineer/426  
Practice (tracked): https://hiexam.net/study/Professional-Cloud-Security-Engineer/practice