Google Cloud Professional Cloud Security Engineer — Question 8
A customer needs an alternative to storing their plain-text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?
Answer options
- A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
- B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
- C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
- D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.
Correct answer: B
Explanation
The correct answer is B because encrypting the secrets with a Customer-Managed Encryption Key (CMEK) before storing them in Cloud Storage ensures that the sensitive data is not exposed in plain text. Options A and C do not provide proper encryption for the secrets, and option D does not address the need for secure storage of sensitive information.