Topic 1 Question 287
You work for a banking organization. You are migrating sensitive customer data to Google Cloud that is currently encrypted at rest while on-premises. There are strict regulatory requirements when moving sensitive data to the cloud. Independent of the cloud service provider, you must be able to audit key usage and be able to deny certain types of decrypt requests. You must choose an encryption strategy that will ensure robust security and compliance with the regulations. What should you do?
Utilize Google default encryption and Cloud IAM to keep the keys within your organization's control.
Implement Cloud External Key Manager (Cloud EKM) with Access Approval, to integrate with your existing on-premises key management solution.
Implement Cloud External Key Manager (Cloud EKM) with Key Access Justifications to integrate with your existing one premises key management solution.
Utilize customer-managed encryption keys (CMEK) created in a dedicated Google Compute Engine instance with Confidential Compute encryption, under your organization's control.
ユーザの投票
コメント(6)
Answer is C.
- Access Approval : This lets you control access to your organization's data by Google personnel.
- Key Access Justifications : This provides a justification for every request to access keys stored in an external key manager.
👍 5json4u2024/10/14- 正解だと思う選択肢: C
Key Access Justifications does what the question asks for.
👍 3dv12024/10/20 - 正解だと思う選択肢: B
I think it's B.
👍 2yokoyan2024/09/05
シャッフルモード