Answer-first summary for fast verification
Answer: Enable automatic key version rotation on a regular schedule., Limit the number of messages encrypted with each key version.
The question asks for proactive measures to minimize the impact of a potential key compromise BEFORE an incident occurs. Option B (Enable automatic key version rotation on a regular schedule) is correct because regular rotation limits the exposure window for any compromised key version. Option D (Limit the number of messages encrypted with each key version) is correct as it reduces the amount of data vulnerable to cryptanalysis if a key is compromised, aligning with Google Cloud KMS best practices. Option A is incorrect because disabling/revoking compromised keys is a reactive measure taken AFTER an incident, not before. Option C is suboptimal compared to automatic rotation as it lacks consistency and reliability. Option E is incorrect as disabling the entire Cloud KMS API would disrupt all encryption operations, which is not a practical proactive security measure.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization uses Cloud KMS symmetric encryption keys to protect user data. To minimize the impact of a potential key compromise, which two actions should you proactively take?
A
Disable and revoke access to compromised keys.
B
Enable automatic key version rotation on a regular schedule.
C
Manually rotate key versions on an ad hoc schedule.
D
Limit the number of messages encrypted with each key version.
E
Disable the Cloud KMS API.