You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?
A. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
B. Inject the secret at the time of instance creation via an encrypted configuration management system.
C. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application.
D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
A
Explanation
A. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently.
(https://cloud.google.com/security-key-management)
B. Inject the secret at the time of instance creation via an encrypted configuration management system.
C. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application.
D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.