Answer-first summary for fast verification
Answer: Confidential Computing and Istio, Client-side encryption
The question requires end-to-end encryption covering data in transit, data in use, and data at rest within Google Cloud. Option D (Confidential Computing and Istio) provides encryption for data in use (via Confidential Computing) and data in transit (via Istio's mTLS for service-to-service communication). Option E (Client-side encryption) ensures data is encrypted before transmission (data in transit) and remains encrypted at rest, with the client maintaining key control. Together, these address all three states: D covers in-use and internal transit, while E covers external transit and at-rest encryption. Other options are less suitable: A (External Key Manager) and C (HSM) focus on key management but don't inherently encrypt data in use/transit; B (Customer-supplied keys) manages at-rest encryption but doesn't cover in-use or transit encryption comprehensively. The community consensus (77% for DE) and highly upvoted comments support this reasoning, emphasizing D for in-use/transit and E for transit/at-rest coverage.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A client needs to implement end-to-end encryption for application data, covering data in transit, data in use, and data at rest on Google Cloud. Which two solutions should you recommend?
A
External Key Manager
B
Customer-supplied encryption keys
C
Hardware Security Module
D
Confidential Computing and Istio
E
Client-side encryption