You need to ensure that the encryption keys protecting your data at rest are rotated every 90 days to meet a security control. How should you implement a detection strategy to verify that this key rotation is occurring as required?

Exam-Like

Analyze the crypto key versions of the keys by using data from Cloud Asset Inventory. If an active key is older than 90 days, send an alert message through your incident notification channel.

Assess the keys in the Cloud Key Management Service by implementing code in Cloud Run. If a key is not rotated after 90 days, raise a finding in Security Command Center.

Define a metric that checks for timely key updates by using Cloud Logging. If a key is not rotated after 90 days, send an alert message through your incident notification channel.

Identify keys that have not been rotated by using Security Health Analytics. If a key is not rotated after 90 days, a finding in Security Command Center is raised.

Google Professional Cloud Security Engineer

Get started today

Comments

You need to ensure that the encryption keys protecting your data at rest are rotated every 90 days to meet a security control. How should you implement a detection strategy to verify that this key rotation is occurring as required?