Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Cloud Security Engineer Topic 2 Question 80 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 80
Topic #: 2
[All Professional Cloud Security Engineer Questions]

You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS). in project "pr j -a", and the Cloud Storage bucket will use project "prj-b". The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key. and you need to troubleshoot why.

What has caused the access issue?

Show Suggested Answer Hide Answer
Suggested Answer: D

When you use a customer-managed encryption key (CMEK) to secure a Cloud Storage bucket, the key and the bucket must be located in the same region. In this case, the key is in europe-west3 and the bucket is in europe-west1, which is why you're unable to access the key.


Contribute your Thoughts:

Larae
10 months ago
A) A firewall rule prevents the key from being accessible. Wouldn't that be just my luck? I bet the network team is laughing it up right now.
upvoted 0 times
...
Dudley
10 months ago
I bet the person setting this up was like, 'Hey, let's make this extra complicated!' C'mon, just put the key and the bucket in the same project, it's not rocket science!
upvoted 0 times
...
Youlanda
10 months ago
D) The CMEK is in a different region than the Cloud Storage bucket. Gotta make sure those are aligned, or else you're gonna have a bad time.
upvoted 0 times
Brigette
9 months ago
D) The CMEK is in a different region than the Cloud Storage bucket. Gotta make sure those are aligned, or else you're gonna have a bad time.
upvoted 0 times
...
Thad
10 months ago
C) The CMEK is in a different project than the Cloud Storage bucket
upvoted 0 times
...
Laticia
10 months ago
A) A firewall rule prevents the key from being accessible.
upvoted 0 times
...
...
Lavonda
10 months ago
C) The CMEK is in a different project than the Cloud Storage bucket. That's the key issue here. The projects need to match for the encryption to work properly.
upvoted 0 times
Emelda
9 months ago
D) The CMEK is in a different region than the Cloud Storage bucket.
upvoted 0 times
...
Abel
10 months ago
C) The CMEK is in a different project than the Cloud Storage bucket. That's the key issue here.
upvoted 0 times
...
Earlean
10 months ago
C) The CMEK is in a different project than the Cloud Storage bucket. That's the key issue here. The projects need to match for the encryption to work properly.
upvoted 0 times
...
Susy
10 months ago
A) A firewall rule prevents the key from being accessible.
upvoted 0 times
...
Giovanna
10 months ago
C
upvoted 0 times
...
Artie
10 months ago
C
upvoted 0 times
...
Merilyn
10 months ago
A) A firewall rule prevents the key from being accessible.
upvoted 0 times
...
...
Paris
10 months ago
I agree with Vincent. The key needs to be in the same project as the bucket for access.
upvoted 0 times
...
Vincent
10 months ago
I think the issue is that the CMEK is in a different project than the Cloud Storage bucket.
upvoted 0 times
...

Save Cancel