Topic 1 Question 161
You are implementing data protection by design and in accordance with GDPR requirements. As part of design reviews, you are told that you need to manage the encryption key for a solution that includes workloads for Compute Engine, Google Kubernetes Engine, Cloud Storage, BigQuery, and Pub/Sub. Which option should you choose for this implementation?
A. Cloud External Key Manager
B. Customer-managed encryption keys
C. Customer-supplied encryption keys
D. Google default encryption
Comments (12)
- Selected answer: B
B is the answer. https://cloud.google.com/kms/docs/using-other-products#cmek_integrations
https://cloud.google.com/kms/docs/using-other-products#cmek_integrations CMEK is supported for all the listed Google services.
👍 14 zellck 2022/09/26
- Selected answer: A
Obviously A is the better answer. Based on the GCP blog [1], you can utilize Cloud External Key Manager (Cloud EKM) to manage customer keys easily and fulfill the compliance requirements, as Key Access Justifications is already GA. Also, Cloud EKM supports all the services listed in the question per reference [2].
[1] https://cloud.google.com/blog/products/compliance/how-google-cloud-helps-customers-stay-current-with-gdpr
[2] https://cloud.google.com/kms/docs/ekm#supported_services
👍 7 Littleivy 2022/11/11
Answer is A. Customers can also require detailed justification and approval each time a key is requested to decrypt data using External Key Manager, and deny Google the ability to decrypt their data for any reason using Key Access Justifications, which is now in General Availability. https://cloud.google.com/blog/products/compliance/how-google-cloud-helps-customers-stay-current-with-gdpr
👍 5 Table2022 2022/10/26