🔥 3-day streak
Professional Cloud Security Engineer9 / 152
Question 9 of 152
A healthcare company is deploying a new analytics platform on Google Cloud that must comply with a regional data sovereignty regulation requiring that all cryptographic key material be generated, stored, and controlled outside of Google's infrastructure and remain in the customer's jurisdiction. The security team has created an Assured Workloads folder configured for the appropriate compliance regime. During design review, an architect asks how encryption keys should be managed to satisfy the requirement that Google must never have access to unwrapped key material. Which approach should the team adopt?
Reviewed for accuracy · Report an issueNext question