Google Professional Cloud Security Engineer
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
Your development team is deploying a new financial application with a microservices architecture on Compute Engine instances and serverless components like Cloud Functions. The application will process financial transactions that involve temporary, highly sensitive data in memory. To secure this data in use during computation and minimize the risk of unauthorized memory access, what should you do?
A
Enable Confidential VM instances for Compute Engine, and ensure that relevant Cloud Functions can leverage hardware-based memory isolation.
B
Use data masking and tokenization techniques on sensitive financial data fields throughout the application and the application's data processing workflows.
C
Use the Cloud Data Loss Prevention (Cloud DLP) API to scan and mask sensitive data before feeding the data into any compute environment.
D
Store all sensitive data during processing in Cloud Storage by using customer-managed encryption keys (CMEK), and set strict bucket-level permissions.