Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 3 Question 7 Discussion

Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process.What should you do?
C) Use customer-supplied encryption keys to manage the data encryption key (DEK).
A) Use the Cloud Key Management Service to manage a data encryption key (DEK).
B) Use the Cloud Key Management Service to manage a key encryption key (KEK).
D) Use customer-supplied encryption keys to manage the key encryption key (KEK).

Google Professional Cloud Security Engineer Exam - Topic 3 Question 7 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 7
Topic #: 3
[All Professional Cloud Security Engineer Questions]

Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

https://cloud.google.com/security/encryption-at-rest/default-encryption/

by Bulah at May 07, 2022, 07:49 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mauricio
7 months ago
I thought KEK was more secure than DEK.
upvoted 0 times
...
Virgilio
7 months ago
Wait, can we really trust customer-supplied keys?
upvoted 0 times
...
Eva
8 months ago
Totally agree with C! Makes sense for DEK.
upvoted 0 times
...
Yen
8 months ago
I think B is better for managing KEK.
upvoted 0 times
...
Jesusa
8 months ago
Option C is the way to go for on-premises keys.
upvoted 0 times
...
Paul
8 months ago
I vaguely remember that KEK is used for encrypting DEK, but I'm not sure if that's the right approach here. I wish I had reviewed more before the exam!
upvoted 0 times
...
Lorrine
8 months ago
I think using customer-supplied encryption keys makes sense for this scenario since we want to control the key generation ourselves.
upvoted 0 times
...
Hana
8 months ago
I'm a bit unsure about whether to use customer-supplied keys or the Cloud Key Management Service. I feel like we practiced a similar question, but I can't recall the specifics.
upvoted 0 times
...
Samira
8 months ago
I remember we discussed the difference between DEK and KEK in class. I think we should be focusing on how to manage the DEK with a key generated on-premises.
upvoted 0 times
...
Thersa
8 months ago
I'm leaning towards Distributed Sending as well. It sounds like the best fit for securely sending emails to the individual franchisees without making them publicly available.
upvoted 0 times
...
Charisse
8 months ago
Okay, I think I've got this. If we remove the tuple for Student_ID 1001, it would result in a deletion anomaly since that student's participation in the sports activity would be lost.
upvoted 0 times
...
Jeffrey
8 months ago
Option C looks promising - adding the partner's Google Workspace IDs to a group and then using that as an exception. That way we can maintain the policy but still grant access.
upvoted 0 times
...
Ming
8 months ago
I remember studying x-frame-options and its role in clickjacking, but I don't think it stops pages from loading like this question asks.
upvoted 0 times
...
Kathryn
8 months ago
Block grants and dual eligibles in option D sound complex. That makes me suspicious it's probably not the correct answer.
upvoted 0 times
...
Lorrine
8 months ago
This seems pretty straightforward. I think the key is to make sure the virtual network and subnets are set up correctly to host the Application Gateway. I'll focus on that first before considering any other factors.
upvoted 0 times
...

Save Cancel