🔥 3-day streak
Professional Cloud Security Engineer57 / 152
Question 57 of 152
A financial services company has a strict compliance requirement that Google must never have the ability to independently decrypt data stored on Compute Engine persistent disks. The security team wants to supply and manage the raw encryption key material themselves, storing keys entirely outside of Google Cloud in their on-premises HSM. They must provide the key each time a disk is created, attached, or a VM is started. Which encryption approach meets these requirements?
Reviewed for accuracy · Report an issueNext question