You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
A) Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.
B) Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.
C) Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.
D) Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.
Correct Answer:
Verified
Q29: Applications often require access to "secrets" -
Q30: An organization adopts Google Cloud Platform (GCP)
Q31: Your company is using GSuite and has
Q32: A large e-retailer is moving to Google
Q33: While migrating your organization's infrastructure to GCP,
Q35: You are a member of the security
Q36: Your company runs a website that will
Q37: You want to evaluate GCP for PCI
Q38: A large financial institution is moving its
Q39: A customer's company has multiple business units.
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents