Topic 1 Question 318
Your organization must store highly sensitive data within Google Cloud. You need to design a solution that provides the strongest level of security and control. What should you do?
Use Cloud Storage with customer-supplied encryption keys (CSEK), VPC Service Controls for network isolation, and Cloud DLP for data inspection.
Use Cloud Storage with customer-managed encryption keys (CMEK), Cloud DLP for data classification, and Secret Manager for storing API access tokens.
Use Cloud Storage with client-side encryption, Cloud KMS for key management, and Cloud HSM for cryptographic operations.
Use Cloud Storage with server-side encryption, BigQuery with column-level encryption, and IAM roles for access control.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
Answer C
👍 2abdelrahman892024/10/24 - 正解だと思う選択肢: C
Client-Side Encryption: Encrypting data before it leaves your control ensures that even if someone gains access to your Cloud Storage bucket, they cannot decrypt the data without the encryption keys. This provides an extra layer of protection against unauthorized access or data breaches. Cloud KMS: Cloud KMS provides a secure and managed service for generating and storing your encryption keys.1 You can control key access with granular IAM permissions and audit all key operations. Cloud HSM: Cloud HSM takes key security to the next level by using dedicated, tamper-resistant hardware security modules (HSMs) to generate and protect your keys. This offers the highest level of protection against key compromise.
👍 2vamgcp2024/11/25 - 正解だと思う選択肢: C
Highly Secure etc = HSM
👍 1MoAk2024/11/27
シャッフルモード