Which boot disk encryption solution should you use on the cluster to meet this customer’s requirements?

A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys.

Which boot disk encryption solution should you use on the cluster to meet this customer’s requirements?
A . Customer-supplied encryption keys (CSEK)
B . Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
C . Encryption by default
D . Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis

Answer: B

Explanation:

Reference https://cloud.google.com/kubernetes-engine/docs/how-to/dynamic-provisioning-cmek

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments