
Answer-first summary for fast verification
Answer: Implement an organization policy that ensures all VM resources created across your organization are Confidential VM instances.
The question specifically requires encryption for data 'in use' by VMs, which refers to protecting data while it is being processed in memory. Confidential VMs (option B) use AMD's Secure Encrypted Virtualization (SEV) technology to encrypt data in memory while it's being processed, providing protection for data in use. Option A (CMEK) and option C (EKM) only protect data at rest by managing encryption keys for storage, not data in use. Option D is incorrect because, while Google encrypts data at rest and in transit by default, it does not encrypt data in use by default; Confidential VMs must be explicitly configured for that protection. The community discussion shows 100% consensus on option B, with detailed explanations of how Confidential VMs specifically address the 'in use' encryption requirement.
Author: LeetQuiz Editorial Team
Your organization handles sensitive health data and requires encryption for data in use by virtual machines (VMs). You need to create a policy that is enforced organization-wide.
What should you do?
A. Implement an organization policy that ensures that all VM resources created across your organization use customer-managed encryption keys (CMEK) protection.
B. Implement an organization policy that ensures all VM resources created across your organization are Confidential VM instances.
C. Implement an organization policy that ensures that all VM resources created across your organization use Cloud External Key Manager (EKM) protection.
D. No action is necessary because Google encrypts data while it is in use by default.