Google Cloud Professional Cloud Security Engineer — Question 286
You are consulting with a client that requires end-to-end encryption of application data (including data in transit, data in use, and data at rest) within Google Cloud.
Which options should you utilize to accomplish this? (Choose two.)
Answer options
- A. External Key Manager
- B. Customer-supplied encryption keys
- C. Hardware Security Module
- D. Confidential Computing and Istio
- E. Client-side encryption
Correct answer: D, E
Explanation
The correct answer is D and E because Confidential Computing protects data in use through secure enclaves, while Istio can encrypt data in transit. Client-side encryption allows data to be encrypted before it is sent to the cloud, ensuring data is secure during transmission and at rest. The other options do not provide the same level of end-to-end encryption across all states of data.