Medium · 1 mark · Multiple Choice
Tags: Domain 3: Designing for Security and Compliance · Secret Manager · Security · API Keys

GCP PCA · Question 33 · Domain 3: Designing for Security and Compliance

Your application needs to authenticate with a third-party payment gateway using an API key. The security team requires that the API key is encrypted at rest, versioned, and access to it is strictly audited. Where should you store this API key?

Answer options:

A. Cloud Storage with CMEK enabled.

B. Secret Manager.

C. Cloud KMS.

D. Hardcoded in the application source code, but stored in a private Cloud Source Repository.

How to approach this question

Identify the data type: 'API key' (a secret). Match it to the GCP service designed for secrets.

Full Answer

B. Secret Manager. ✓ Correct
Secret Manager is the GCP service purpose-built for storing sensitive data like API keys, database passwords, and TLS certificates. It handles versioning automatically, integrates tightly with IAM for access control, and logs all access attempts to Cloud Audit Logs.

Common mistakes

Confusing Secret Manager with Cloud KMS (C). KMS manages cryptographic keys. Secret Manager stores the actual secret payloads.
