🔥 3-day streak
Professional Cloud Security Engineer27 / 152
Question 27 of 152

A financial services company must comply with a regulatory requirement that all cryptographic keys protecting customer payment data be generated and stored in hardware validated to FIPS 140-2 Level 3. The security team wants to use Cloud KMS to manage these keys but must ensure the private key material never exists outside a certified hardware boundary and cannot be exported. Which approach meets these requirements with the least operational overhead?

Reviewed for accuracy · Report an issueNext question