Google Cloud Professional Cloud Security Engineer — Question 180
Your organization operates in a highly regulated environment and has a stringent set of compliance requirements for protecting customer data. You must encrypt data while in use to meet regulations. What should you do?
Answer options
- A. Enable the use of customer-supplied encryption keys (CSEK) in the Google Compute Engine VMs to give your organization maximum control over its VM disk encryption.
- B. Establish a trusted execution environment with a Confidential VM.
- C. Use a Shielded VM to ensure a secure boot with integrity monitoring for the application environment.
- D. Use customer-managed encryption keys (CMEK) and Cloud KMS to enable your organization to control its keys for data encryption in Cloud SQL.
Correct answer: B
Explanation
The correct answer is B: a Confidential VM provides a trusted execution environment that protects data in use, which fulfills the compliance requirement. Option A gives the organization control over the keys used for VM disk encryption but does not address data in use. Option C focuses on secure boot and integrity monitoring, which do not encrypt data while it is in use. Option D is about managing the encryption keys for data in Cloud SQL rather than protecting data during active processing.