Security Design — GCP PCA Practice Question 48

How to approach this question

Identify the encryption method that provides control without infrastructure overhead.

Full Answer

Use Customer-Managed Encryption Keys (CMEK), Create a Key Ring and Key in Cloud KMS

Customer-Managed Encryption Keys (CMEK) strike the balance between control and operational overhead. The keys are generated and stored in Google's Cloud Key Management Service (Cloud KMS), so Google handles the high availability. However, the customer retains full cryptographic control over the keys.

Common mistakes

Choosing CSEK (B), which forces the customer to build their own key servers.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 5

More questions from this exam