Answer-first summary for fast verification
Answer: Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.
The question requires managing IAM permissions for Cloud KMS keys in a grouped way since permissions are the same for all keys. In Google Cloud KMS, KeyRings are logical groupings of keys that share the same location and can have IAM permissions applied at the KeyRing level, which then apply to all keys within that KeyRing. Option B correctly uses a single KeyRing for all persistent disks, allowing centralized IAM management at the KeyRing level, which is efficient and aligns with the requirement for grouped permission management. Option A uses a single KeyRing but manages permissions at the Key level, which is less efficient and contradicts the grouped management requirement. Options C and D create a KeyRing per disk, which is unnecessary and complicates management, as it leads to multiple KeyRings without benefiting from the grouped permission approach.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to ensure that data on Compute Engine disks is encrypted at rest using keys managed by Cloud Key Management Service (KMS). Additionally, Cloud IAM permissions for these keys must be managed collectively, as the same permissions apply to all keys. What should you do?
A
Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.
B
Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.
C
Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the Key level.
D
Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the KeyRing level.
No comments yet.