Explanation:
The question focuses on minimizing exposure of sensitive information through encryption and secure access practices. Option B is the correct choice because injecting secrets at runtime via an encrypted configuration management system (e.g., Google Cloud Secret Manager) ensures secrets are never stored statically on the instance. This approach encrypts secrets at rest and in transit, and by injecting them only during instance creation, they reside solely in memory, drastically reducing exposure if a breach occurs. In contrast:
Ultimate access to all questions.
No comments yet.
How can you securely deploy an application that requires access to sensitive information while ensuring the data is encrypted and the risk of exposure is minimized in case of a breach?
A
Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
B
Inject the secret at the time of instance creation via an encrypted configuration management system.
C
Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application.
D
Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.