When architecting a hybrid cloud solution for an organization with strict compliance requirements, needing encryption of data both in transit and at rest, which combination of GCP services and features should be utilized?
Choose an answer
Tap an option to check your answer.
Correct answer: VPC Service Controls and Customer-Managed Encryption Key (CMEK) in Cloud Storage.
Why this is the answer
*For a hybrid cloud solution with strict compliance requirements, including the need for encryption of data both in transit and at rest, the combination of VPC Service Controls and Customer-Managed Encryption Key (CMEK) in Cloud Storage is most appropriate. VPC Service Controls provide enhanced security by creating a secure perimeter for GCP resources, protecting data in transit and mitigating data exfiltration risks. Incorporating CMEK in Cloud Storage allows for encryption of data at rest, with the organization managing its own encryption keys, thus providing additional control and compliance. This combination ensures a high level of data protection and integrity, addressing both transit and rest encryption requirements. Other options like VPN with IAP or HTTPS Load Balancing may provide secure data transfer, but they do not offer comprehensive solutions for data encryption both in transit and at rest as required by strict compliance mandates.*
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed