Topic 1 Question 309
Your development team is launching a new application. The new application has a microservices architecture on Compute Engine instances and serverless components, including Cloud Functions. This application will process financial transactions that require temporary, highly sensitive data in memory. You need to secure data in use during computations with a focus on minimizing the risk of unauthorized access to memory for this financial application. What should you do?
Enable Confidential VM instances for Compute Engine, and ensure that relevant Cloud Functions can leverage hardware-based memory isolation.
Use data masking and tokenization techniques on sensitive financial data fields throughout the application and the application's data processing workflows.
Use the Cloud Data Loss Prevention (Cloud DLP) API to scan and mask sensitive data before feeding the data into any compute environment.
Store all sensitive data during processing in Cloud Storage by using customer-managed encryption keys (CMEK), and set strict bucket-level permissions.
ユーザの投票
コメント(2)
A - Confidential VMs: Using Confidential VMs provides a strong security boundary around the memory of the VM instances, protecting sensitive data from unauthorized access, even if the VM is compromised. Hardware-Based Memory Isolation: Leveraging hardware-based memory isolation ensures that the data within the VM's memory is protected by hardware-enforced mechanisms, making it significantly more difficult for attackers to access. Comprehensive Protection: This approach provides a comprehensive solution for securing data in use, as it combines both software-based (Confidential VMs) and hardware-based (memory isolation) protections.
👍 2abdelrahman892024/10/04- 正解だと思う選択肢: A
It's A. Well explained in abdelrahman89's comment.
👍 1json4u2024/10/15
シャッフルモード