PCSE Ensuring data protection

Two designs were proposed. Design A would rotate encryption keys automatically. Design B would store API keys securely. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Secret Manager
  2. b. Keys in git
  3. c. Never rotate (not recommended for production workloads)
  4. d. Cloud KMS automatic rotation

Architectural breakdown & explanation

Rotation limits key compromise window. Compare with Secret Manager: Secret Manager versions secrets.

Correct answer(s): d. Cloud KMS automatic rotation

Exam domain: Ensuring data protection (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the Google Professional Cloud Security Engineer bank. Run a full timed practice exam with domain-weighted random questions in your browser.