PROFESSIONAL-CLOUD-ARCHITECT · Question #364
Question
You are deploying a highly confidential data processing workload on Google Cloud. Your company's compliance framework mandates that cryptographic keys used for encrypting data at rest must be generated and stored exclusively within a validated Hardware Security Module (HSM). You want to use a fully integrated Google Cloud managed service to handle the lifecycle and usage of these keys. What should you do?
Options
- A. Use Customer-Supplied Encryption Keys (CSEK) by providing your on-premises generated key
- B. Import your on-premises HSM key material into a Cloud KMS key with the SOFTWARE protection
- C. Create a new key in Cloud Key Management Service (Cloud KMS) with the HSM protection level.
- D. Configure Cloud External Key Manager (Cloud EKM) to connect to your on-premises HSM.