Google Cloud Professional Cloud Security Engineer — Question 134

Your organization processes sensitive health information. You want to ensure that data is encrypted while in use by the virtual machines (VMs). You must create a policy that is enforced across the entire organization.

What should you do?

Answer options

• A. Implement an organization policy that ensures that all VM resources created across your organization use customer-managed encryption keys (CMEK) protection.
• B. Implement an organization policy that ensures all VM resources created across your organization are Confidential VM instances.
• C. Implement an organization policy that ensures that all VM resources created across your organization use Cloud External Key Manager (EKM) protection.
• D. No action is necessary because Google encrypts data while it is in use by default.

Correct answer: B

Explanation

The correct answer is B, as Confidential VM instances provide encryption for data in use, which is essential for handling sensitive health information. Options A and C refer to key management strategies that do not specifically address data in use, and option D is incorrect because it does not acknowledge the specific needs of sensitive data processing.