PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #307
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #307: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to reveal the answer and full explanation for question #307. The question stem and answer options stay visible for context.
Question
You work for a banking organization. You are migrating sensitive customer data to Google Cloud that is currently encrypted at rest while on-premises. There are strict regulatory requirements when moving sensitive data to the cloud. Independent of the cloud service provider, you must be able to audit key usage and be able to deny certain types of decrypt requests. You must choose an encryption strategy that will ensure robust security and compliance with the regulations. What should you do?
Options
- AUtilize Google default encryption and Cloud IAM to keep the keys within your organization's
- BImplement Cloud External Key Manager (Cloud EKM) with Access Approval, to integrate with
- CImplement Cloud External Key Manager (Cloud EKM) with Key Access Justifications to integrate
- DUtilize customer-managed encryption keys (CMEK) created in a dedicated Google Compute
Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-SECURITY-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.