Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process.
What should you do?
A . Use the Cloud Key Management Service to manage a data encryption key (DEK).
B . Use the Cloud Key Management Service to manage a key encryption key (KEK).
C . Use customer-supplied encryption keys to manage the data encryption key (DEK).
D . Use customer-supplied encryption keys to manage the key encryption key (KEK).
Answer: C
Explanation:
This is a Customer-supplied encryption keys (CSEK). We generate our own encryption key and manage it on-premises. A KEK never leaves Cloud KMS. There is no KEK or KMS on-premises. Encryption at rest by default, with various key management options https://cloud.google.com/security/encryption-at-rest
Reference: https://cloud.google.com/security/encryption-at-rest/default-encryption/
Latest Professional Cloud Security Engineer Dumps Valid Version with 93 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund