You are consulting with a client that requires end-to-end encryption of application data (including data in transit, data in use, and data at rest) within Google Cloud. Which options should you utilize to accomplish this? (Choose two.)
I feel this should be DE.
Confidential Computing enables encryption for "data-in-use"
Client Side encryption enables security for "data in transit" from Customer site to GCP
Once data is at rest, use Google's default encryption for "data at rest"
Answer BD.
To accomplish end-to-end encryption of application data within Google Cloud, including data in transit, data in use, and data at rest, you should utilize the following options:
B. Customer-supplied encryption keys
- Customer-supplied encryption keys (CSEK) allow you to use your own encryption keys to protect your data at rest in Google Cloud, ensuring that your data is encrypted with keys that you control.
D. Confidential Computing and Istio
- Confidential Computing provides a hardware-based trusted execution environment (TEE) to protect data in use, ensuring that sensitive workloads and data remain encrypted while being processed. Istio can be used for securing data in transit within Google Cloud.
Therefore, the correct answers are:
**B. Customer-supplied encryption keys**
**D. Confidential Computing and Istio**
Option E (Client-side encryption) typically refers to encrypting data on the client side before sending it to the cloud, and it can complement the other options but is not one of the primary mechanisms for achieving end-to-end encryption within Google Cloud itself.
Google Cloud customers with additional requirements for encryption of data over WAN can choose to implement further protections for data as it moves from a user to an application, or virtual machine to virtual machine. These protections include IPSec tunnels, Gmail S/MIME, managed SSL certificates, and Istio.
https://cloud.google.com/docs/security/encryption-in-transit