ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 136 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 136
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your security team uses encryption keys to ensure confidentiality of user data. You want to establish a process to reduce the impact of a potentially compromised symmetric encryption key in Cloud Key Management Service (Cloud KMS).
Which steps should your team take before an incident occurs? (Choose two.)

  • A. Disable and revoke access to compromised keys.
  • B. Enable automatic key version rotation on a regular schedule.
  • C. Manually rotate key versions on an ad hoc schedule.
  • D. Limit the number of messages encrypted with each key version.
  • E. Disable the Cloud KMS API.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by [deleted] at Sept. 12, 2022, 5:40 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
parasthakur
Highly Voted 2 years, 4 months ago
Selected Answer: BD
Should be BD. A is wrong because there is no comprise happened as the question states "before an incident". As per document "Limiting the number of messages encrypted with the same key version helps prevent attacks enabled by cryptanalysis." https://cloud.google.com/kms/docs/key-rotation
upvoted 10 times
...
zellck
Highly Voted 2 years, 4 months ago
Selected Answer: BD
BD is the answer. The steps need to be done BEFORE an incident occurs.
upvoted 9 times
AzureDP900
2 years, 3 months ago
Yes, B and D
upvoted 4 times
...
...
glb2
Most Recent 10 months, 3 weeks ago
Selected Answer: AB
A. Disable and revoke access to compromised keys. B. Enable automatic key version rotation on a regular schedule.
upvoted 1 times
glb2
10 months, 2 weeks ago
I think I made a mistake. After consideration the correct answer is B and D.
upvoted 1 times
...
...
PST21
2 years, 1 month ago
You want to reduce the impact - which will be post the issue has occurred so has to be AB. If asked for preventive steps then B &D.
upvoted 2 times
...
spiritix821
2 years, 1 month ago
https://cloud.google.com/kms/docs/key-rotation -> "If you suspect that a key version is compromised, disable it and revoke access to it as soon as possible" so A could be correct. do you agree?
upvoted 2 times
...
AwesomeGCP
2 years, 4 months ago
Selected Answer: BD
B. Enable automatic key version rotation on a regular schedule. D. Limit the number of messages encrypted with each key version.
upvoted 3 times
...
GHOST1985
2 years, 4 months ago
Selected Answer: BD
Answers BD
upvoted 1 times
...
parasthakur
2 years, 4 months ago
Should be BD. A is wrong because there is no comprise happened as the question states "before an incident". As per document "Limiting the number of messages encrypted with the same key version helps prevent attacks enabled by cryptanalysis." https://cloud.google.com/kms/docs/key-rotation
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel