Exam Professional Cloud Security Engineer topic 1 question 104 discussion

D https://cloud.google.com/access-transparency https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview

D is the answer

To address your organization’s concerns about the security of highly sensitive data stored on Google Cloud, you can propose the following solution: D. Enable Access Transparency logs with Access Approval requests for Google employees. This solution provides an additional layer of control and visibility over your cloud provider by enabling you to monitor and audit the actions taken by Google personnel when accessing your content. Access Transparency logs capture the actions performed by Google Cloud administrators, allowing you to maintain an audit trail and verify cloud provider access. Access Approval requests allow you to approve or dismiss requests for access by Google employees working to support your service. By combining these features, you can gain greater oversight and control over your sensitive data on Google Cloud. Please note that this is a high-level recommendation, and it is important to evaluate your specific requirements and consult the official Google Cloud documentation for detailed implementation guidance.

Answer D - but, for "highly sensitive data" CMEK seems to be reasonable option but much easiest way is to use Transparency Logs

B is the correct answer. IAM Privileges provide fine grain controls based on the users function

Use customer-managed key to encrypt data by yourself

D is correct

Answer is D https://cloud.google.com/access-transparency Access approval Explicitly approve access to your data or configurations on Google Cloud. Access Approval requests, when combined with Access Transparency logs, can be used to audit an end-to-end chain from support ticket to access request to approval, to eventual access.