Answer-first summary for fast verification
Answer: Customer-managed encryption keys with Cloud HSM
The question requires a Google Cloud encryption service that meets three key requirements: master key rotation every 45 days, FIPS 140-2 Level 3 validation for the storage solution, and multi-region redundancy within the US. Option B (Customer-managed encryption keys with Cloud HSM) is the correct choice because Cloud HSM provides FIPS 140-2 Level 3 validation, supports automatic key rotation (which can be configured to meet the 45-day requirement), and allows for multi-region deployment within the US for redundancy. Option A (Customer-managed encryption keys with Cloud KMS) does not meet the FIPS 140-2 Level 3 requirement, as Cloud KMS typically offers Level 1 or 2 validation. Option C (Customer-supplied encryption keys) lacks the managed service features and FIPS validation. Option D (Google-managed encryption keys) does not provide customer control over key management or FIPS Level 3 validation. The community discussion strongly supports B, with high upvotes and references to Google documentation confirming Cloud HSM's FIPS 140-2 Level 3 compliance and multi-region capabilities.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are responsible for recommending a Google Cloud encryption service for a client migrating their data. The service must manage their encryption keys and meet these requirements:
A
Customer-managed encryption keys with Cloud Key Management Service
B
Customer-managed encryption keys with Cloud HSM
C
Customer-supplied encryption keys
D
Google-managed encryption keys
No comments yet.