Answer-first summary for fast verification
Answer: Customer-supplied encryption keys., Cloud External Key Manager
The question requires encryption solutions where encryption keys are NOT stored at rest in the same cloud provider as the data. Option A (Customer-supplied encryption keys) allows customers to provide their own encryption keys that are never stored in Google Cloud. Option D (Cloud External Key Manager) enables using keys stored in external key management systems outside of Google Cloud. Both options satisfy the requirement of not storing keys at rest in Google Cloud. Option B (Google default encryption) stores keys within Google Cloud infrastructure. Option C (Secret Manager) is for storing secrets, not for data encryption. Option E (Customer-managed encryption keys) stores keys in Google Cloud Key Management Service, which violates the requirement of not storing keys in the same CSP.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A client requires encryption for sensitive data but does not want their encryption keys stored at rest in the same cloud provider as the data. Which two Google Cloud encryption solutions should you recommend?
A
Customer-supplied encryption keys.
B
Google default encryption
C
Secret Manager
D
Cloud External Key Manager
E
Customer-managed encryption keys
No comments yet.