Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam Professional Cloud Architect topic 12 question 5 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 5
Topic #: 12
[All Professional Cloud Architect Questions]

For this question, refer to the Dress4Win case study. You are responsible for the security of data stored in Cloud Storage for your company, Dress4Win. You have already created a set of Google Groups and assigned the appropriate users to those groups. You should use Google best practices and implement the simplest design to meet the requirements.
Considering Dress4Win's business and technical requirements, what should you do?

  • A. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.
  • B. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Enable default storage encryption before storing files in Cloud Storage.
  • C. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Google's default encryption at rest when storing files in Cloud Storage.
  • D. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
JoeShmoe
Highly Voted 4 years, 4 months ago
C is the simplest
upvoted 34 times
AWS56
4 years, 2 months ago
I am a bit confused "You should use Google best practices and implement the simplest design to meet the requirements." ---> Simplest -- agree with D, but for googles best practice I will go with A
upvoted 3 times
AWS56
4 years, 2 months ago
Ignore my comment, Agree C is the simple -- https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
upvoted 4 times
tartar
3 years, 7 months ago
C is ok
upvoted 5 times
...
...
rockstar9622
4 years, 2 months ago
c is correct - going by simplest design whereas google manages the encrytion though by default and thats sufficient
upvoted 2 times
...
...
nitinz
3 years ago
ans is C
upvoted 3 times
...
kimharsh
1 year, 11 months ago
how come it's C , and for best practice we need to use Custom Roles
upvoted 1 times
...
...
newbie2020
Highly Voted 4 years, 2 months ago
There 2 requirements 1) best practices = least privilege = custom role 2) simplest = default encryption as : If you use customer-supplied encryption keys or client-side encryption, you must securely manage your keys and ensure that they are not lost. If you lose your keys, you are no longer able to read your data, and you continue to be charged for storage of your objects until you delete them.
upvoted 12 times
Dannyygcp
4 years, 1 month ago
What about option B..default encryption[which is simple to manage] + Custom role[which is secure compared to predefined and not difficult to create]
upvoted 3 times
sivass
3 years, 10 months ago
I agrre. I will go with B.
upvoted 5 times
...
...
GCP_Azure
3 years, 10 months ago
It has to be B
upvoted 4 times
Rafaa
3 years, 10 months ago
there is no option to 'enable default encyption' as such! It is provided by default if you dont do anything.
upvoted 2 times
...
...
Vika
2 years, 11 months ago
Check out this link - https://cloud.google.com/iam/docs/using-iam-securely Basic roles include thousands of permissions across all Google Cloud services. In production environments, do not grant basic roles unless there is no alternative. Instead, grant the most limited predefined roles or custom roles that meet your needs.
upvoted 1 times
...
...
Ahmed_Safwat
Most Recent 4 months, 1 week ago
Selected Answer: D
Encrypt Cloud Storage data with Cloud KMS
upvoted 1 times
...
SAMBIT
2 years ago
B custom IAM & out of box encryption
upvoted 1 times
...
joe2211
2 years, 4 months ago
Selected Answer: C
vote C
upvoted 2 times
...
kopper2019
2 years, 8 months ago
hey guys new Qs posted as of July 12th, 2021, All 21 new Qs in Question #152
upvoted 1 times
...
kopper2019
2 years, 8 months ago
hey guys new Qs posted as of July 12th, 2021, All 21 new Qs in Question #152
upvoted 1 times
...
victory108
2 years, 8 months ago
C. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Googleג€™s default encryption at rest when storing files in Cloud Storage.
upvoted 2 times
...
MamthaSJ
2 years, 8 months ago
Answer is B
upvoted 1 times
...
wilwong
2 years, 8 months ago
C is correct
upvoted 1 times
...
Pb55
2 years, 11 months ago
C. Best practice is predefined not custom. Only use custom when predefined to broard.
upvoted 1 times
...
ansh0692
2 years, 11 months ago
From "Google's best practices and simplest design" Answer should be C
upvoted 1 times
...
Skeeter
2 years, 11 months ago
Cloud storage encryption is enabled by default. Why would you need to enable it as stated in B? Answer is A, use CSEK and specify a .boto file during upload with gsutil, simple!
upvoted 2 times
Ausias18
2 years, 11 months ago
it says simple, what you say is not as easy as possible... default encryption is easier
upvoted 1 times
...
...
Ausias18
2 years, 12 months ago
Answer is B
upvoted 1 times
...
lynx256
3 years ago
IMO - C is ok. Simplest --> predefined roles + default encryption
upvoted 2 times
...
Rightsaidfred
3 years, 1 month ago
C is the 'Google' answer here :)
upvoted 1 times
...
bnlcnd
3 years, 1 month ago
although most people seems agree with C. But, in real life for major companies with public names, who don't provide their own encryption keys? I never heard of. Go with A.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...