Google Cloud Professional Cloud DevOps Engineer — Question 68

You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?

Answer options

• A. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
• B. Inject the secret at the time of instance creation via an encrypted configuration management system.
• C. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application.
• D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.

Correct answer: A

Explanation

Storing encryption keys in Cloud Key Management Service (KMS) and rotating them frequently is crucial for maintaining security, especially for sensitive information. Other options either do not ensure adequate encryption of the keys or do not address the risk of exposure effectively, such as simply using a configuration management system or a build pipeline without a focused key management strategy.