Google Cloud Professional Cloud Security Engineer — Question 92

You are a security engineer at a finance company. Your organization plans to store data on Google Cloud, but your leadership team is worried about the security of their highly sensitive data. Specifically, your company is concerned about internal Google employees' ability to access your company's data on Google Cloud.
What solution should you propose?

Answer options

• A. Use customer-managed encryption keys.
• B. Use Google's Identity and Access Management (IAM) service to manage access controls on Google Cloud.
• C. Enable Admin activity logs to monitor access to resources.
• D. Enable Access Transparency logs with Access Approval requests for Google employees.

Correct answer: D

Explanation

The correct answer is D because enabling Access Transparency logs with Access Approval requests allows your organization to receive notifications and approve or deny access requests from Google employees, ensuring tighter control over sensitive data access. Option A, while useful for encrypting data, does not address the specific concern of internal access. Option B focuses on managing permissions but does not provide visibility into Google's internal access. Option C helps in monitoring but does not prevent access from Google employees.