ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 294 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 294
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your organization has an internet-facing application behind a load balancer. Your regulators require end-to-end encryption of user login credentials. You must implement this requirement. What should you do?

  • A. Generate a symmetric key with Cloud KMS. Encrypt client-side user credentials by using the symmetric key.
  • B. Concatenate the credential with a timestamp. Submit the timestamp and hashed value of credentials to the network.
  • C. Deploy the TLS certificate at Google Cloud Global HTTPs Load Balancer, and submit the user credentials through HTTPs.
  • D. Generate an asymmetric key with Cloud KMS. Encrypt client-side user credentials using the public key.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by yokoyan at Sept. 6, 2024, 1:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
f983100
3 days, 1 hour ago
Selected Answer: C
C. It's the correct answer
upvoted 1 times
...
n2183712847
3 months, 1 week ago
Selected Answer: D
Option C provides encryption in transit, but it's not truly end-to-end because the load balancer must decrypt the traffic to inspect it. Option D is correct because it encrypts the credential data itself on the client, ensuring only the final backend server can ever read the plaintext, which meets the strict requirement.
upvoted 1 times
...
n2183712847
3 months, 1 week ago
Selected Answer: D
D. is the best solution for achieving true end-to-end encryption of the credentials. This method, known as asymmetric or public-key cryptography, ensures the data is encrypted on the client-side using a public key and can only be decrypted on the server-side by the corresponding private key, protecting the credential data throughout its entire transit.
upvoted 1 times
...
zanhsieh
11 months, 2 weeks ago
Selected Answer: D
I take D. End-to-end encryption should overweight scalability as the question described as "require".
upvoted 1 times
...
MoAk
1 year ago
Selected Answer: C
Initially I was with D however it then didn't seem very scalable option. I believe this is now Answer C. The load balancer would decrypt the connection to inspect the packets at L7 but would re-encrypt it (SSL bridging) for full end to end encryption. https://cloud.google.com/docs/security/encryption-in-transit#transport_layer_security
upvoted 1 times
...
f36bdb5
1 year ago
Selected Answer: D
In case of C, the Load Balancer would strip the TLS connection, making it not end to end.
upvoted 1 times
MoAk
1 year ago
Negative, LBs can indeed carry out SSL bridging.
upvoted 1 times
...
...
jmaquino
1 year ago
Selected Answer: C
C:
upvoted 2 times
...
yokoyan
1 year, 2 months ago
Selected Answer: C
I think it's C.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel