PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #156
The correct answer is B: Enable automatic key version rotation on a regular schedule. Limiting the number of messages encrypted with the same key version helps prevent attacks enabled by cryptanalysis. https://cloud.google.com/kms/docs/key-rotation
Question
Your security team uses encryption keys to ensure confidentiality of user data. You want to establish a process to reduce the impact of a potentially compromised symmetric encryption key in Cloud Key Management Service (Cloud KMS). Which steps should your team take before an incident occurs? (Choose two.)
Options
- A. Disable and revoke access to compromised keys.
- B. Enable automatic key version rotation on a regular schedule.
- C. Manually rotate key versions on an ad hoc schedule.
- D. Limit the number of messages encrypted with each key version.
- E. Disable the Cloud KMS API.
Explanation
Limiting the number of messages encrypted with the same key version helps prevent attacks enabled by cryptanalysis. https://cloud.google.com/kms/docs/key-rotation