Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Google Exam Professional-Cloud-Security-Engineer Topic 4 Question 85 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 85
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You manage a mission-critical workload for your organization, which is in a highly regulated industry The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpomt computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive dat

a. You need to meet these requirements;

* Manage the data encryption key (DEK) outside the Google Cloud boundary.

* Maintain full control of encryption keys through a third-party provider.

* Encrypt the sensitive data before uploading it to Cloud Storage

* Decrypt the sensitive data during processing in the Compute Engine VMs

* Encrypt the sensitive data in memory while in use in the Compute Engine VMs

What should you do?

Choose 2 answers

Show Suggested Answer Hide Answer
Suggested Answer: C, D

https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance#considerations

Confidential VM does not support live migration. You can only enable Confidential Computing on a VM when you first create the instance. https://cloud.google.com/confidential-computing/confidential-vm/docs/creating-cvm-instance


by Delila at Aug 07, 2024, 02:39 PM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Security-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Remona
1 months ago
Ha, this is like a 'spot the difference' puzzle, but for cloud security! C and E are definitely the answers that will keep the compliance team happy.
upvoted 0 times
...
Dalene
1 months ago
This is a tricky one, but I reckon C and E are the way to go. Can't go wrong with full control of the encryption keys.
upvoted 0 times
Gilma
21 days ago
Definitely, it's important to encrypt the data before uploading and decrypt it after downloading.
upvoted 0 times
...
Keneth
24 days ago
I agree, C and E seem like the best options for maintaining control of the encryption keys.
upvoted 0 times
...
...
Yuriko
1 months ago
The question is asking for 2 answers, so I'd go with C and E. Confidential VMs might be overkill for this use case.
upvoted 0 times
Glen
17 days ago
Yeah, managing the encryption keys outside of Google Cloud and using Customer Managed Encryption Keys seems like the way to go.
upvoted 0 times
...
Hermila
29 days ago
Confidential VMs might be too much for this workload, sticking with C and E is a safer bet.
upvoted 0 times
...
Oren
1 months ago
I agree, C and E seem like the best options to meet the data protection requirements.
upvoted 0 times
...
...
Jina
2 months ago
I'm leaning towards C and E as well. Encrypting the data before upload and decrypting during processing seems to be the most secure approach.
upvoted 0 times
Lucy
20 days ago
Creating a VPC Service Controls service perimeter could add an extra layer of security to protect the sensitive data.
upvoted 0 times
...
Ezekiel
1 months ago
Configuring Cloud External Key Manager to handle encryption and decryption also sounds like a secure option.
upvoted 0 times
...
Isidra
1 months ago
I think using Customer Managed Encryption Keys for encryption and decryption is a good choice.
upvoted 0 times
...
Ashleigh
1 months ago
I agree, encrypting the data before upload and decrypting during processing is crucial for data protection.
upvoted 0 times
...
...
Han
2 months ago
Hmm, I think the answer is C and E. Maintaining full control of encryption keys is key here, and the Cloud External Key Manager and Customer Managed Encryption Keys options seem to cover that requirement.
upvoted 0 times
Laila
2 months ago
Yes, those options ensure that we maintain full control of encryption keys and encrypt the sensitive data before uploading it to Cloud Storage.
upvoted 0 times
...
Crista
2 months ago
I agree, C and E seem to be the best options to meet the data protection requirements.
upvoted 0 times
...
...
Avery
2 months ago
So, we should choose options C and E to meet the data protection requirements.
upvoted 0 times
...
Devorah
2 months ago
I agree, we should also decrypt the sensitive data during processing in the Compute Engine VMs.
upvoted 0 times
...
Avery
2 months ago
I think we need to encrypt the sensitive data before uploading it to Cloud Storage.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77