Topic 1 Question 135
You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive data. Your solution has the following requirements:
✑ Schedule key rotation for sensitive data.
✑ Control which region the encryption keys for sensitive data are stored in.
✑ Minimize the latency to access encryption keys for both sensitive and non-sensitive data.
What should you do?
Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.
Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.
Comments (8)
- Answer believed to be correct: D
Answer D because "Minimize the latency to access encryption keys"
👍 9 GHOST1985 2022/09/10 - 👍 5 TonytheTiger 2022/11/19
- Answer believed to be correct: B
✑ Schedule key rotation for sensitive data. => Cloud KMS allows you to set a rotation schedule for symmetric keys to automatically generate a new key version at a fixed time interval. Multiple versions of a symmetric key can be active at any time for decryption, with only one primary key version used for encrypting new data. With EKM, create an externally managed key directly from the Cloud KMS console.
✑ Control which region the encryption keys for sensitive data are stored in. => If using Cloud KMS, your cryptographic keys will be stored in the region where you deploy the resource. You also have the option of storing those keys inside a physical Hardware Security Module located in the region you choose with Cloud HSM.
✑ Minimize the latency to access encryption keys for both sensitive and non-sensitive data. => Cloud KMS is available in several global locations and across multi-regions, allowing you to place your service where you want for low latency and high availability.
👍 3 GHOST1985 2022/10/05