Answer-first summary for fast verification
Answer: Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.
The question requires balancing security requirements for sensitive data with simplicity for non-sensitive data. Option D is optimal because: 1) Google default encryption automatically handles non-sensitive data with minimal latency and complexity, meeting the requirement to reduce key management overhead. 2) Cloud KMS (not External Key Manager) supports scheduled key rotation and regional key control for sensitive data, fulfilling those specific requirements. 3) Both solutions minimize latency - default encryption is optimized for performance, and KMS provides low-latency access within Google Cloud. Options A and B are suboptimal because they use the same encryption method for both data types, increasing complexity unnecessarily. Option C is incorrect because Cloud External Key Manager doesn't support scheduled key rotation, which is a key requirement for sensitive data. The community discussion strongly supports D (86% consensus) with valid reasoning about latency optimization and complexity reduction.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You need to implement an encryption-at-rest solution that meets the following requirements:
A
Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
B
Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.
C
Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
D
Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.