Google Exam Professional Cloud Security Engineer Topic 2 Question 59 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 59
Topic #: 2

[All Professional Cloud Security Engineer Questions]

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.

What should you do?

ACreate a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.

BCreate a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.

CCreate a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the Key level.

DCreate a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the KeyRing level.

Show Suggested Answer

Suggested Answer: C

VPC Flow Logs samples each VM's TCP, UDP, ICMP, ESP, and GRE flows. Both inbound and outbound flows are sampled. These flows can be between the VM and another VM, a host in your on-premises data center, a Google service, or a host on the internet. https://cloud.google.com/vpc/docs/flow-logs

by Pamella at Jan 08, 2023, 09:53 PM

Limited Time Offer

25%

16 days ago

I think we should create a single KeyRing for all persistent disks and manage IAM permissions at the Key level.

upvoted 0 times

...