Exam Professional Cloud Security Engineer topic 1 question 235 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 235
Topic #: 1

You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer-managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS), in project “prj-a”, and the Cloud Storage bucket will use project “prj-b”. The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key, and you need to troubleshoot why.

What has caused the access issue?

  • A. A firewall rule prevents the key from being accessible.
  • B. Cloud HSM does not support Cloud Storage.
  • C. The CMEK is in a different project than the Cloud Storage bucket.
  • D. The CMEK is in a different region than the Cloud Storage bucket.
Suggested Answer: B

Comments

irmingard_examtopics
1 week, 6 days ago
Selected Answer: D
You must create the Cloud KMS key ring in the same location as the data you intend to encrypt. For example, if your bucket is located in US-EAST1, any key ring used for encrypting objects in that bucket must also be created in US-EAST1. https://cloud.google.com/storage/docs/encryption/customer-managed-keys#restrictions
upvoted 1 times
...
Bettoxicity
3 weeks, 4 days ago
Selected Answer: C
CMEK Project Mismatch: By default, CMEKs can only be accessed by services within the same GCP project where the key resides (prj-a in this case). Your Cloud Storage bucket is in a different project (prj-b).
Why not D?: CMEK Region Disparity: CMEKs can be accessed from any region within GCP, so the difference between europe-west3 (CMEK location) and europe-west1 (bucket location) shouldn't be the primary cause.
upvoted 1 times
...
dija123
1 month, 2 weeks ago
Selected Answer: C
By default, Google Cloud projects operate in isolation. Resources in one project cannot automatically access resources in another project, even within the same region. This security principle prevents unauthorized access to sensitive data or actions.
upvoted 1 times
...
i_am_robot
4 months, 2 weeks ago
Selected Answer: D
The access issue is caused by the fact that the CMEK is in a different region than the Cloud Storage bucket. According to the Google Cloud documentation, the location of the Cloud KMS key must match the storage location of the resource it is intended to encrypt. Since the CMEK resides in the region europe-west3 and the storage bucket is located in the region europe-west1, this mismatch is the reason why the key cannot be accessed when creating the bucket. Therefore, the correct answer is: D. The CMEK is in a different region than the Cloud Storage bucket
upvoted 3 times
...
NaikMN
4 months, 2 weeks ago
D https://cloud.google.com/sql/docs/mysql/cmek
upvoted 1 times
dija123
1 month ago
This link is about SQL, not Cloud Storage. Cloud Storage with CMEK is more flexible regarding regions.
upvoted 1 times
...
...
MisterHairy
5 months, 1 week ago
Selected Answer: D
The correct answer is D. The CMEK is in a different region than the Cloud Storage bucket. When you use a customer-managed encryption key (CMEK) to secure a Cloud Storage bucket, the key and the bucket must be located in the same region. In this case, the key is in europe-west3 and the bucket is in europe-west1, which is why you’re unable to access the key.
upvoted 2 times
...
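As an added example (not part of the original discussion and not Google's own code), the Python below checks the two conditions debated in the comments above for a regional bucket: whether the key's location matches the bucket's, and whether the bucket project's Cloud Storage service agent holds the encrypter/decrypter role on the key. The key ring name, key name and project number are constructed placeholders, and only bindings set directly on the key are inspected.

```python
import re

# Resource-name format of a Cloud KMS CryptoKey.
KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/[^/]+/cryptoKeys/[^/]+$"
)
CMEK_ROLE = "roles/cloudkms.cryptoKeyEncrypterDecrypter"


def preflight_cmek(key_name, bucket_location, key_bindings, storage_agent):
    """Return (code, detail) findings for a regional bucket and its intended CMEK."""
    m = KEY_RE.match(key_name)
    if m is None:
        raise ValueError(f"not a CryptoKey resource name: {key_name!r}")
    findings = []
    # Bucket metadata reports locations in upper case, KMS names use lower case.
    if m["location"].lower() != bucket_location.lower():
        findings.append(("LOCATION_MISMATCH",
                         f"key ring in {m['location']}, bucket in {bucket_location}"))
    # The bucket project's Cloud Storage service agent must hold the
    # encrypter/decrypter role on the key, whichever project owns the key.
    granted = {member
               for b in key_bindings if b.get("role") == CMEK_ROLE
               for member in b.get("members", [])}
    if f"serviceAccount:{storage_agent}" not in granted:
        findings.append(("MISSING_KMS_GRANT",
                         f"{storage_agent} lacks {CMEK_ROLE} on key in {m['project']}"))
    return findings


# Constructed sample mirroring the question; ring, key and project number are made up.
KEY = "projects/prj-a/locations/europe-west3/keyRings/example-ring/cryptoKeys/example-key"
AGENT = "service-123456789012@gs-project-accounts.iam.gserviceaccount.com"
NO_BINDINGS = []  # key policy with no grants
GRANTED = [{"role": CMEK_ROLE, "members": [f"serviceAccount:{AGENT}"]}]

if __name__ == "__main__":
    for code, detail in preflight_cmek(KEY, "EUROPE-WEST1", NO_BINDINGS, AGENT):
        print(code, detail)
```

The `key_bindings` argument has the shape of the `bindings` list in an IAM policy exported as JSON, so a saved key policy can be passed in directly.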
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted