Question 9

Question

You need to follow Google-recommended practices to leverage envelope encryption and encrypt
data at the application layer.
What should you do?

Accepted Answer

Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key
encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the
encrypted DEK.

Hannah · Answer

A. Store the encrypted DEK alongside the data, KEK goes in Cloud KMS. Follows envelope encryption and Google guidance.

Leo P. · Answer

Its A seen a similar one in exam reports, KMS KEK wraps local DEK then store both encrypted.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE