
Answer-first summary for fast verification
Answer: Inject the secret at the time of instance creation via an encrypted configuration management system.
The question focuses on minimizing exposure of sensitive information through encryption and secure access practices. Option B is the correct choice because injecting secrets at runtime via an encrypted configuration management system (e.g., Google Cloud Secret Manager) ensures secrets are never stored statically on the instance. This approach encrypts secrets at rest and in transit, and by injecting them only during instance creation, they reside solely in memory, drastically reducing exposure if a breach occurs.

In contrast:
- Option A (key rotation via Cloud KMS) is good for encryption key management but doesn't address how the application accesses secrets directly.
- Option C (SSO integration) focuses on authentication, not secret management or encryption for application data.
- Option D (generating multiple secret versions) increases complexity and potential exposure points without inherently improving encryption or minimizing breach risks.

Google Cloud best practices recommend runtime secret injection for minimal exposure.
Author: LeetQuiz Editorial Team
How can you securely deploy an application that requires access to sensitive information while ensuring the data is encrypted and the risk of exposure is minimized in case of a breach?
A. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
B. Inject the secret at the time of instance creation via an encrypted configuration management system.
C. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application.
D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.