Google Cloud Professional Cloud Security Engineer — Question 56

You are asked to recommend a solution to store and retrieve sensitive configuration data from an application that runs on Compute Engine. Which option should you recommend?

Answer options

• A. Cloud Key Management Service
• B. Compute Engine guest attributes
• C. Compute Engine custom metadata
• D. Secret Manager

Correct answer: D

Explanation

The correct answer is D, Secret Manager, as it is specifically designed for securely storing and managing sensitive information. While Cloud Key Management Service (A) is useful for managing cryptographic keys, it is not focused on configuration data. Compute Engine guest attributes (B) and custom metadata (C) are not secure enough for sensitive information, as they can be accessed easily by users with the appropriate permissions.