Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Location Chicago IL, USA

Exam Professional Cloud Architect topic 8 question 5 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 5
Topic #: 8
[All Professional Cloud Architect Questions]

For this question, refer to the Dress4Win case study. You are responsible for the security of data stored in Cloud Storage for your company, Dress4Win. You have already created a set of Google Groups and assigned the appropriate users to those groups. You should use Google best practices and implement the simplest design to meet the requirements.
Considering Dress4Win's business and technical requirements, what should you do?

  • A. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.
  • B. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Enable default storage encryption before storing files in Cloud Storage.
  • C. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Google's default encryption at rest when storing files in Cloud Storage.
  • D. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.
Show Suggested Answer Hide Answer

Suggested Answer: A

Comments

JoeShmoe
3 months, 1 week ago
C is the simplest
upvoted 7 times
AWS56
1 month, 1 week ago
I am a bit confused "You should use Google best practices and implement the simplest design to meet the requirements." ---> Simplest -- agree with D, but for googles best practice I will go with A
upvoted 2 times
AWS56
1 month, 1 week ago
Ignore my comment, Agree C is the simple -- https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
upvoted 2 times
...
rockstar9622
1 month, 1 week ago
c is correct - going by simplest design whereas google manages the encrytion though by default and thats sufficient
upvoted 1 times
...
...
...
newbie2020
1 month ago
There 2 requirements 1) best practices = least privilege = custom role 2) simplest = default encryption as : If you use customer-supplied encryption keys or client-side encryption, you must securely manage your keys and ensure that they are not lost. If you lose your keys, you are no longer able to read your data, and you continue to be charged for storage of your objects until you delete them.
upvoted 1 times
...
ADVIT
1 week, 2 days ago
Looks like it's C
upvoted 1 times
...
KNG
2 days, 1 hour ago
https://cloud.google.com/iam/docs/using-iam-securely, and "implement the simplest design" Should be C
upvoted 1 times
...

SaveCancel