Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 2 Question 59 Discussion

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.What should you do?
C) Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the Key level.
A) Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.
B) Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.
D) Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the KeyRing level.

Google Professional Cloud Security Engineer Exam - Topic 2 Question 59 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 59
Topic #: 2
[All Professional Cloud Security Engineer Questions]

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

VPC Flow Logs samples each VM's TCP, UDP, ICMP, ESP, and GRE flows. Both inbound and outbound flows are sampled. These flows can be between the VM and another VM, a host in your on-premises data center, a Google service, or a host on the internet. https://cloud.google.com/vpc/docs/flow-logs


by Pamella at Jan 08, 2023, 09:53 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mohammad
7 months ago
I thought each KeyRing had to be unique to a Key, this is new info for me!
upvoted 0 times
...
Raymon
7 months ago
Definitely B, it's simpler to manage permissions that way.
upvoted 0 times
...
Ria
7 months ago
Wait, why would you create a KeyRing per disk? That sounds excessive!
upvoted 0 times
...
Rosio
8 months ago
I disagree, managing at the Key level seems more flexible.
upvoted 0 times
...
Helaine
8 months ago
Option B is the way to go for grouped IAM permissions!
upvoted 0 times
...
Billye
8 months ago
I feel like having a KeyRing per disk could complicate things, but I'm not confident about the best way to manage permissions.
upvoted 0 times
...
Lavera
8 months ago
I practiced a similar question where managing permissions at the Key level was emphasized, but I can't recall if that applies here.
upvoted 0 times
...
Latosha
8 months ago
I'm not entirely sure, but I think creating a single KeyRing for all disks might be the right approach. It seems more efficient.
upvoted 0 times
...
Michell
8 months ago
I remember we discussed how managing IAM permissions at the KeyRing level could simplify access control for multiple keys.
upvoted 0 times
...
Daren
8 months ago
This is a tricky one, but I'm going to give it my best shot. I'll make sure to read the question and answers thoroughly.
upvoted 0 times
...
Amie
8 months ago
I think this question is testing our understanding of the different types of proxy servers. I'm pretty sure the answer is A - Intercepting proxy server, since those are also known as transparent or forced proxies.
upvoted 0 times
...
Quentin
8 months ago
Ah, the Legacy Wrapper pattern sounds promising. I'll make sure to apply that along with the Standardized Service Contract principle to address the issues with Service A.
upvoted 0 times
...
Marica
1 year ago
Forget the keys, let's just encrypt everything with duct tape. That's the real Cloud KMS.
upvoted 0 times
Dick
12 months ago
C) Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the Key level.
upvoted 0 times
...
Meghan
12 months ago
B) Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.
upvoted 0 times
...
Salina
12 months ago
A) Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.
upvoted 0 times
...
Boris
1 year ago
C) Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the Key level.
upvoted 0 times
...
Melinda
1 year ago
B) Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.
upvoted 0 times
...
Rossana
1 year ago
A) Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.
upvoted 0 times
...
...
Carli
1 year ago
Ah, the joys of cloud infrastructure! I think I'll go with B - less keys, less problems, am I right?
upvoted 0 times
...
Lottie
1 year ago
This question is like a treasure hunt, but the treasure is just more bureaucracy. I'll go with B, just to keep things from getting too messy.
upvoted 0 times
Dacia
1 year ago
Yeah, B is the way to go to avoid unnecessary complexity.
upvoted 0 times
...
Glendora
1 year ago
I agree, B seems like the simplest option to manage IAM permissions.
upvoted 0 times
...
...
Sanjuana
1 year ago
Hmm, I'm torn between B and D. But I guess B makes more sense since it's less administrative overhead.
upvoted 0 times
...
Albert
1 year ago
But wouldn't managing permissions at the Key level provide more granular control over access to the keys?
upvoted 0 times
...
Sylvie
1 year ago
I disagree, I believe creating a KeyRing per persistent disk and managing IAM permissions at the KeyRing level would be more secure.
upvoted 0 times
...
Mitzie
1 year ago
Option B is the way to go! Manage the IAM permissions at the KeyRing level to keep things simple and streamlined.
upvoted 0 times
Geoffrey
1 year ago
Definitely. It's all about efficiency and security when it comes to managing access to sensitive data.
upvoted 0 times
...
Lorrine
1 year ago
I agree. It's important to keep things organized when dealing with encryption keys.
upvoted 0 times
...
Devora
1 year ago
That makes sense. It would be easier to manage permissions that way.
upvoted 0 times
...
Gilberto
1 year ago
Option B is the way to go! Manage the IAM permissions at the KeyRing level to keep things simple and streamlined.
upvoted 0 times
...
...
Albert
1 year ago
I think we should create a single KeyRing for all persistent disks and manage IAM permissions at the Key level.
upvoted 0 times
...

Save Cancel