Topic 1 Question 33
A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to control the key lifecycle. Which boot disk encryption solution should you use on the cluster to meet this customer's requirements?
Customer-supplied encryption keys (CSEK)
Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
Encryption by default
Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis
ユーザの投票
コメント(2)
- 正解だと思う選択肢: B
Customer Managed Encryption keys using KMS lets users control the key management and rotation policies and Compute Engine Disks support CMEKs
👍 4animesh542022/05/01 - 正解だと思う選択肢: B
Correct Answer: B Explanation/Reference: Reference https://cloud.google.com/kubernetes-engine/docs/how-to/dynamic-provisioning-cmek
👍 3AwesomeGCP2022/10/05
シャッフルモード