🔥 3-day streak
Professional Cloud Security Engineer34 / 152
Question 34 of 152

A development team needs to encrypt large volumes of application data (multi-gigabyte objects) at the application layer before storing them in Cloud Storage. Cloud KMS has a payload size limit of 64 KiB per encrypt/decrypt request, so calling the KMS API directly on each large object is not feasible. The security team requires that the encryption approach still centralize key control in Cloud KMS and support key rotation. What is the recommended technique?

Reviewed for accuracy · Report an issueNext question