Topic 9 Question 41
Which of the following statements about encryption on GCP is not true?
A. Google Cloud Platform encrypts customer data stored at rest by default.
B. Each encryption key is itself encrypted with a set of master keys.
C. If you want to manage your own encryption keys for data on Google Cloud Storage, the only option is Customer-Managed Encryption Keys (CMEK) using Cloud KMS.
D. Data in Google Cloud Platform is broken into subfile chunks for storage, and each chunk is encrypted at the storage level with an individual encryption key.
Explanation
There are 3 ways to manage your own encryption keys when using Google:
1. Customer-managed encryption keys (CMEK) using Cloud KMS allow you to manage your own keys that are hosted on GCP.
2. Customer-supplied encryption keys (CSEK) allow you to manage your own keys on premises, but still use them on GCP.
3. With client-side encryption, you encrypt the data before you send it to GCP.

Google Cloud Platform encrypts customer data stored at rest by default, with no additional action required from you. Data in Google Cloud Platform is broken into subfile chunks for storage, and each chunk is encrypted at the storage level with an individual encryption key. The key used to encrypt the data in a chunk is called a data encryption key (DEK). Because of the high volume of keys at Google, and the need for low latency and high availability, these keys are stored near the data that they encrypt. The DEKs are encrypted with (or "wrapped" by) a key encryption key (KEK). Customers can choose which key management solution they prefer for managing the KEKs that protect the DEKs that protect their data.

Reference: https://cloud.google.com/security/encryption-at-rest/
Comments (3)
C is right
👍 3 Ziegler 2020/06/06
C is OK; we can also use customer-supplied encryption keys (CSEK) with Cloud Storage
👍 3 bjuneja 2020/12/01
Google Cloud Platform encrypts customer data stored at rest by default https://cloud.google.com/security/encryption-at-rest
👍 2 iamoct 2021/01/25