What should you do?

You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive data.

Your solution has the following requirements:

✑ Schedule key rotation for sensitive data.

✑ Control which region the encryption keys for sensitive data are stored in.

✑ Minimize the latency to access encryption keys for both sensitive and non-sensitive data.

What should you do?
A. Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
B. Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.
C. Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
D. Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.

Answer: D

Explanation:

Google uses a common cryptographic library, Tink, which incorporates its FIPS 140-2 Level 1 validated module, BoringCrypto, to implement encryption consistently across almost all Google Cloud products. To provide flexibility in controlling key residency and the rotation schedule, use the Google-provided key for non-sensitive data and encrypt sensitive data with Cloud Key Management Service.
