🔥 3-day streak
Professional Cloud Architect55 / 169
Question 55 of 169
A financial services company must comply with a regulation requiring that the team managing encryption keys be different from the team that operates the applications consuming those keys. Application workloads run on Compute Engine and store data in Cloud Storage encrypted with Cloud KMS. Security auditors require proof that developers cannot administer or destroy keys, while applications can still perform encrypt/decrypt operations. Which IAM design best satisfies these separation-of-duties requirements?
Reviewed for accuracy · Report an issueNext question