
Answer-first summary for fast verification
Answer: Establish a trusted execution environment with a Confidential VM.
The question specifically requires encrypting data 'while in use' or 'while being processed,' which refers to protecting data during computation in memory. Confidential VM (option B) is designed for this exact purpose - it uses hardware-based trusted execution environments to encrypt data in use, protecting it from cloud infrastructure operators and other tenants. This aligns with the community consensus (100% selected B with upvoted comments referencing Google's confidential computing documentation). Option A (CSEK) and option D (CMEK) only encrypt data at rest, not during processing. Option C (Shielded VM) provides boot integrity and monitoring but doesn't encrypt data during computation. Therefore, only Confidential VM addresses the specific requirement for data-in-use encryption in regulated environments.
Author: LeetQuiz Editorial Team
Your organization operates in a highly regulated environment with strict compliance requirements for protecting customer data. You need to encrypt data while it is being processed to meet these regulations. What should you do?
A. Enable the use of customer-supplied encryption keys (CSEK) in the Google Compute Engine VMs to give your organization maximum control over their VM disk encryption.
B. Establish a trusted execution environment with a Confidential VM.
C. Use a Shielded VM to ensure a secure boot with integrity monitoring for the application environment.
D. Use customer-managed encryption keys (CMEK) and Cloud KMS to enable your organization to control their keys for data encryption in Cloud SQL.