Google Professional Cloud Security Engineer
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
Your banking organization is migrating sensitive customer data to Google Cloud. This data is currently encrypted at rest on-premises and is subject to strict regulatory requirements. The chosen encryption strategy must allow you to audit all key usage and have the ability to deny specific types of decrypt requests, independent of the cloud service provider. What should you do to ensure robust security and regulatory compliance?
A
Utilize Google default encryption and Cloud IAM to keep the keys within your organization's control.
B
Implement Cloud External Key Manager (Cloud EKM) with Access Approval, to integrate with your existing on-premises key management solution.
C
Implement Cloud External Key Manager (Cloud EKM) with Key Access Justifications to integrate with your existing one premises key management solution.
D
Utilize customer-managed encryption keys (CMEK) created in a dedicated Google Compute Engine instance with Confidential Compute encryption, under your organization's control.