Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Google Discussions

Exam Professional Cloud Security Engineer topic 1 question 175 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 175
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You are consulting with a client that requires end-to-end encryption of application data (including data in transit, data in use, and data at rest) within Google Cloud.
Which options should you utilize to accomplish this? (Choose two.)

  • A. External Key Manager
  • B. Customer-supplied encryption keys
  • C. Hardware Security Module
  • D. Confidential Computing and Istio
  • E. Client-side encryption
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by Baburao at Sept. 3, 2022, 7:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
GHOST1985
Highly Voted 1 year, 7 months ago
Selected Answer: DE
Confidential Computing enables encryption for "data-in-use" Client Side encryption enables security for "data in transit" from Customer site to GCP Once data is at rest, use Google's default encryption for "data at rest"
upvoted 12 times
...
Baburao
Highly Voted 1 year, 8 months ago
I feel this should be DE. Confidential Computing enables encryption for "data-in-use" Client Side encryption enables security for "data in transit" from Customer site to GCP Once data is at rest, use Google's default encryption for "data at rest"
upvoted 8 times
...
MFay
Most Recent 2 weeks, 2 days ago
Answer BD. To accomplish end-to-end encryption of application data within Google Cloud, including data in transit, data in use, and data at rest, you should utilize the following options: B. Customer-supplied encryption keys - Customer-supplied encryption keys (CSEK) allow you to use your own encryption keys to protect your data at rest in Google Cloud, ensuring that your data is encrypted with keys that you control. D. Confidential Computing and Istio - Confidential Computing provides a hardware-based trusted execution environment (TEE) to protect data in use, ensuring that sensitive workloads and data remain encrypted while being processed. Istio can be used for securing data in transit within Google Cloud. Therefore, the correct answers are: **B. Customer-supplied encryption keys** **D. Confidential Computing and Istio**
upvoted 1 times
...
desertlotus1211
8 months, 1 week ago
I'll go with answer CD: https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets#creating-key
upvoted 2 times
...
Andrei_Z
8 months, 1 week ago
Selected Answer: BD
Option E (Client-side encryption) typically refers to encrypting data on the client side before sending it to the cloud, and it can complement the other options but is not one of the primary mechanisms for achieving end-to-end encryption within Google Cloud itself.
upvoted 2 times
desertlotus1211
8 months, 1 week ago
the key in the question is 'within GCP'... So E cannot be correct
upvoted 2 times
...
...
cyberpunk21
8 months, 3 weeks ago
Selected Answer: DE
D - Ensures encryption for data in use and transit E - Ensures Encryption at rest
upvoted 2 times
...
TNT87
1 year, 2 months ago
Selected Answer: BE
Why not B, E?
upvoted 1 times
gcpengineer
12 months ago
how u will ensure data is getting encrypted at transit
upvoted 1 times
...
...
pmriffo
1 year, 5 months ago
https://cloud.google.com/compute/confidential-vm/docs/about-cvm#end-to-end_encryption
upvoted 1 times
...
Littleivy
1 year, 6 months ago
Selected Answer: DE
Google Cloud customers with additional requirements for encryption of data over WAN can choose to implement further protections for data as it moves from a user to an application, or virtual machine to virtual machine. These protections include IPSec tunnels, Gmail S/MIME, managed SSL certificates, and Istio. https://cloud.google.com/docs/security/encryption-in-transit
upvoted 4 times
...
AwesomeGCP
1 year, 7 months ago
Selected Answer: DE
D. Confidential Computing and Istio E. Client-side encryption
upvoted 3 times
...
zellck
1 year, 7 months ago
Selected Answer: AE
AE is my answer.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel