hiexam
google · Professional-Cloud-Security-Engineer · Q426 · multiple_choice · topic_1

You need to implement an encryption at-rest strategy that reduces key management complexity for non-sensitive data and…

You need to implement an encryption at-rest strategy that reduces key management complexity for non-sensitive data and protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule. FIPS 140-2 L1 compliance is required for all data types. What should you do?
  • A.Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
  • B.Encrypt non-sensitive data and sensitive data with Cloud Key Management Service
  • C.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
  • D.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.
Explanation
Selected Answer: D Both B and D seem correct tbh. D might be "more correct" depending on the interpretation. "reduces key management complexity for non-sensitive data" - Google default encryption "protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule" - Customer Managed Key

Reference: examtopics_top_comment

Practice with progress tracking

Sign in to track wrong answers, get spaced-repetition reminders, and run timed exam mode.

Start tracked practicePricing