Topic 1 Question 62
Your organization has a security policy to ensure that all Cloud SQL for PostgreSQL databases are secure. You want to protect sensitive data by using a key that meets specific locality or residency requirements. Your organization needs to control the key's lifecycle activities. You need to ensure that data is encrypted at rest and in transit. What should you do?
Create the database with Google-managed encryption keys.
Create the database with customer-managed encryption keys.
Create the database persistent disk with Google-managed encryption keys.
Create the database persistent disk with customer-managed encryption keys.
ユーザの投票
コメント(4)
B: Create the database with customer-managed encryption keys. How do you create a customer managed key? In the navigation pane, choose Customer managed keys. Choose Create key. To create a symmetric encryption KMS key, for Key type choose Symmetric. For information about how to create an asymmetric KMS key in the AWS KMS console, see Creating asymmetric KMS keys (console).
👍 3pk3492022/12/24- 正解だと思う選択肢: B
Despite that you select CMEK in the Storage section, it says: This instance is encrypted with a Google-managed key by default. If you need to manage your encryption, you can use a customer-managed key instead. Also, you don't need to create persistent disk, google does that.
👍 2chelbsik2022/12/25 B. Having greater control over EK means use CMEK. That eliminates A and C. When creating a Cloud SQL instance you get to choose the encryption method at the instance level, which would include databases. That makes D not make sense. So it’s B.
👍 2dynamic_dba2023/03/13
シャッフルモード