Topic 1 Question 19

Professional Cloud Security Engineer

Topic 1 Question 19
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
- Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
- Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
- Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
- Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.
解説
Reference: https://cloud.google.com/kms/docs/envelope-encryption

ユーザの投票
コメント(17)
- Yes, A is correct
  
  The process of encrypting data is to generate a DEK locally, encrypt data with the DEK, use a KEK to wrap the DEK, and then store the encrypted data and the wrapped DEK. The KEK never leaves Cloud KMS.
  
  👍 20
  Sheeda2020/08/11
- The Answer is A
  
  👍 2
  aiwaai2020/08/18
- A - Envelope Encryption ( DEK - to encrypt the data, KEK - encrypt the DEK , KEK resides in KMS and only the encrypted data and wrapped DEK will be stored back )
  
  👍 2
  Bharathy2020/12/04
シャッフルモード

解説

ユーザの投票

コメント(17)