Exam4Training

What should you do?

You need to implement an encryption at-rest strategy that reduces key management complexity for non-sensitive data and protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule. FIPS 140-2 L1 compliance is required for all data types.

What should you do?
A . Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.
B . Encrypt non-sensitive data and sensitive data with Cloud Key Management Service
C . Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.
D . Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.

Answer: D

Explanation:

Google uses a common cryptographic library, Tink, which incorporates our FIPS 140-2 Level 1 validated module, BoringCrypto, to implement encryption consistently across almost all Google Cloud products. To provideflexibility of controlling the key residency and rotation schedule, use google provided key for non-sensitive and encrypt sensitive data with Cloud Key Management Service

Exit mobile version