Topic 1 Question 76

Professional Cloud Security Engineer

Topic 1 Question 76
Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process. What should you do?
- Use the Cloud Key Management Service to manage a data encryption key (DEK).
- Use the Cloud Key Management Service to manage a key encryption key (KEK).
- Use customer-supplied encryption keys to manage the data encryption key (DEK).
- Use customer-supplied encryption keys to manage the key encryption key (KEK).
解説
Reference: https://cloud.google.com/security/encryption-at-rest/default-encryption/

ユーザの投票
コメント(17)
- The anwser is:C This is a Customer-supplied encryption keys (CSEK). We generate our own encryption key and manage it on-premises. A KEK never leaves Cloud KMS.There is no KEK or KMS on-premises.
  
  Encryption at rest by default, with various key management options https://cloud.google.com/security/encryption-at-rest
  
  👍 20
  HateMicrosoft2021/03/13
- 正解だと思う選択肢: D
  Reference Links: https://cloud.google.com/kms/docs/envelope-encryption https://cloud.google.com/security/encryption-at-rest/customer-supplied-encryption-keys
  
  👍 5
  sudarchary2022/01/31
- 正解だと思う選択肢: D
  The word "manage" on this question can have multiple meanings. If we replace "to manage" by the word "as"... Then it's D
  
  We generate a key localy (which is a KEK) and Google uses it to encrypt the different DEKs (for each chunk)
  
  "If you supply your own encryption keys, Google uses your key to protect the Google-generated keys used to encrypt and decrypt your data." https://cloud.google.com/docs/security/encryption/customer-supplied-encryption-keys
  
  👍 3
  Chute51182022/07/24
シャッフルモード

解説

ユーザの投票

コメント(17)