Google Cloud Professional Cloud Security Engineer — Question 351

Your organization has an internet-facing application behind a load balancer. Your regulators require end-to-end encryption of user login credentials. You must implement this requirement. What should you do?

Answer options

• A. Generate a symmetric key with Cloud KMS. Encrypt client-side user credentials by using the symmetric key.
• B. Concatenate the credential with a timestamp. Submit the timestamp and hashed value of credentials to the network.
• C. Deploy the TLS certificate at Google Cloud Global HTTPs Load Balancer, and submit the user credentials through HTTPs.
• D. Generate an asymmetric key with Cloud KMS. Encrypt client-side user credentials using the public key.

Correct answer: C

Explanation

The correct answer is C because deploying a TLS certificate at the Google Cloud Global HTTPs Load Balancer ensures that user credentials are transmitted securely over HTTPS, meeting the requirement for end-to-end encryption. Options A and D involve client-side encryption, which does not guarantee end-to-end security as the data could be intercepted prior to encryption. Option B does not provide true encryption and relies on hashing, which does not protect the credentials during transmission.