🔥 3-day streak
Professional Cloud Architect65 / 169
Question 65 of 169

A defense contractor must store classified project data in Google Cloud but is contractually required to retain sole physical custody of all encryption keys, with keys never leaving their on-premises hardware security module. They also need the ability to instantly revoke Google's access to the plaintext data by cutting off key access, and they must prove that Google cannot decrypt data without their live authorization. Which key management approach satisfies these requirements?

Reviewed for accuracy · Report an issueNext question