A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys.
Which boot disk encryption solution should you use on the cluster to meet this customer’s requirements?
A . Customer-supplied encryption keys (CSEK)
B . Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
C . Encryption by default
D . Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis
Answer: B
Explanation:
Reference https://cloud.google.com/kubernetes-engine/docs/how-to/dynamic-provisioning-cmek
Latest Professional Cloud Security Engineer Dumps Valid Version with 93 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund