Exam Professional Cloud Security Engineer topic 1 question 136 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 136
Topic #: 1

Your security team uses encryption keys to ensure confidentiality of user data. You want to establish a process to reduce the impact of a potentially compromised symmetric encryption key in Cloud Key Management Service (Cloud KMS).
Which steps should your team take before an incident occurs? (Choose two.)

  • A. Disable and revoke access to compromised keys.
  • B. Enable automatic key version rotation on a regular schedule.
  • C. Manually rotate key versions on an ad hoc schedule.
  • D. Limit the number of messages encrypted with each key version.
  • E. Disable the Cloud KMS API.
Suggested Answer: BD

Comments

parasthakur
Highly Voted 2 years, 1 month ago
Selected Answer: BD
Should be BD. A is wrong because no compromise has happened, as the question states "before an incident". As per the document: "Limiting the number of messages encrypted with the same key version helps prevent attacks enabled by cryptanalysis." https://cloud.google.com/kms/docs/key-rotation
upvoted 10 times
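
Added example, not part of the comment above or of Google's documentation: a small Python model of options B and D that counts how many messages one compromised key version would expose under each policy. `KeyModel`, `worst_case_exposure` and the hourly workload are hypothetical names and constructed data; the code performs no encryption and makes no Cloud KMS calls.

```python
from collections import Counter
from typing import Iterable, Optional

DAY = 86_400  # seconds


class KeyModel:
    """Tracks which key version is primary; performs no real encryption."""

    def __init__(self, rotation_period: Optional[int] = None,
                 max_messages: Optional[int] = None):
        self.rotation_period = rotation_period  # option B: scheduled rotation
        self.max_messages = max_messages        # option D: cap per key version
        self.primary = 1
        self.next_rotation = rotation_period    # schedule runs from t = 0
        self.usage = Counter()                  # key version -> messages encrypted

    def encrypt(self, now: int) -> int:
        """Record one encryption at time `now`; return the version used."""
        # Scheduled rotation fires whether or not the old version was used.
        while self.next_rotation is not None and now >= self.next_rotation:
            self.primary += 1
            self.next_rotation += self.rotation_period
        # Cap-based rotation: move to a new primary once the cap is reached.
        if (self.max_messages is not None
                and self.usage[self.primary] >= self.max_messages):
            self.primary += 1
        self.usage[self.primary] += 1
        return self.primary


def worst_case_exposure(times: Iterable[int], **policy) -> int:
    """Most messages readable by someone holding any single key version."""
    key = KeyModel(**policy)
    for t in times:
        key.encrypt(t)
    return max(key.usage.values())


# Constructed workload: one message per hour for 90 days (2160 messages).
HOURLY_90_DAYS = range(0, 90 * DAY, 3600)

if __name__ == "__main__":
    for label, policy in [
        ("no rotation", {}),
        ("30-day rotation (B)", {"rotation_period": 30 * DAY}),
        ("30-day rotation + 500-message cap (B+D)",
         {"rotation_period": 30 * DAY, "max_messages": 500}),
    ]:
        print(f"{label}: {worst_case_exposure(HOURLY_90_DAYS, **policy)} messages")
```
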
zellck
Highly Voted 2 years, 1 month ago
Selected Answer: BD
BD is the answer. The steps need to be done BEFORE an incident occurs.
upvoted 9 times
AzureDP900
1 year, 12 months ago
Yes, B and D
upvoted 4 times
glb2
Most Recent 7 months, 2 weeks ago
Selected Answer: AB
A. Disable and revoke access to compromised keys. B. Enable automatic key version rotation on a regular schedule.
upvoted 1 times
glb2
7 months, 1 week ago
I think I made a mistake. After consideration the correct answer is B and D.
upvoted 1 times
[Removed]
1 year, 3 months ago
Selected Answer: AB
A, B. Keys get stolen by an attacker, then the attacker infiltrates the network using those keys. The incident/compromise is when the attacker penetrates and steals data, not when the key is stolen. Theft happens when the burglar enters your house and steals stuff, not when they make a copy of your house key. If you suspect someone made a copy of your key, you go and change the locks and throw away your compromised keys before the incident occurs. So we're in the situation where there are "potentially compromised" keys and need to take action before the attacker uses the keys and hacks the company. We disable access to potentially compromised keys and rotate. https://cloud.google.com/kms/docs/key-rotation "If you suspect that a key version is compromised, disable it and revoke access to it as soon as possible."
upvoted 2 times
[Removed]
1 year, 3 months ago
That said, they did say "establish a process", which might indicate it's due diligence rather than a response to an actual key compromise. So I can see how B, D could be correct. Poorly worded question overall.
upvoted 2 times
PST21
1 year, 10 months ago
You want to reduce the impact, which will be after the issue has occurred, so it has to be AB. If asked for preventive steps, then B & D.
upvoted 2 times
spiritix821
1 year, 10 months ago
https://cloud.google.com/kms/docs/key-rotation -> "If you suspect that a key version is compromised, disable it and revoke access to it as soon as possible", so A could be correct. Do you agree?
upvoted 2 times
AwesomeGCP
2 years ago
Selected Answer: BD
B. Enable automatic key version rotation on a regular schedule. D. Limit the number of messages encrypted with each key version.
upvoted 3 times
GHOST1985
2 years ago
Selected Answer: BD
Answers BD
upvoted 1 times
[Removed]
2 years, 1 month ago
Selected Answer: AB
Should be AB.
upvoted 2 times