PROFESSIONAL-CLOUD-DEVELOPER · Question #190
Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to conf
The correct answer is A. Provision Cloud KMS in its own project. B. Do not assign an owner to the Cloud KMS project.. Separation of duties requires that no single person or resource has unchecked control over sensitive operations. Provisioning Cloud KMS in its own dedicated project (A) isolates key management from the workload projects that consume the keys - an administrator of the workload pro
Question
Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to configure access to the keys. You need to follow the "separation of duties" principle and Google-recommended best practices. What should you do? (Choose two.)
Options
- AProvision Cloud KMS in its own project.
- BDo not assign an owner to the Cloud KMS project.
- CProvision Cloud KMS in the project where the keys are being used.
- DGrant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS
- EGrant an owner role for the Cloud KMS project to a different user than the owner of the project
How the community answered
(51 responses)- A80% (41)
- C2% (1)
- D6% (3)
- E12% (6)
Explanation
Separation of duties requires that no single person or resource has unchecked control over sensitive operations. Provisioning Cloud KMS in its own dedicated project (A) isolates key management from the workload projects that consume the keys - an administrator of the workload project cannot also administer the keys. Not assigning an owner to the Cloud KMS project (B) prevents any individual from having unrestricted control over the project, forcing all administrative actions to go through IAM roles with narrower, auditable permissions. Option C violates separation of duties by co-locating keys with the workloads they protect. Option D grants the cloud KMS admin role to the same owner who runs the consuming project, again collapsing two roles into one person. Option E grants the owner role (overly broad) to a different user, but the owner role on the KMS project still gives that person far more access than necessary - the principle of least privilege is not satisfied.
Topics
Community Discussion
No community discussion yet for this question.