Google Cloud Professional Cloud Security Engineer Practice Exam

For data confidentiality, what encryption method is recommended for communication between Compute Engine instances?

• A. DES encryption
• B. AES encryption
• C. RSA encryption
• D. BoringCrypto module

The correct answer is: BoringCrypto module

For ensuring data confidentiality during communication between Compute Engine instances, the BoringCrypto module is recommended for its robust architecture and its ability to provide high-performance cryptographic operations. BoringCrypto is essentially a cryptography library created as a fork of OpenSSL, specifically designed to enhance security and provide better performance. It emphasizes utilizing modern encryption algorithms and protocols, ensuring that the communications are not only secure but also efficient, which is essential in a cloud environment where resources and performance matter. In contrast, options like DES and AES, while relevant in discussions about encryption, aren't the best fit for secure instance communication in a cloud context. DES is considered outdated and insecure due to its short key length. AES, while secure and widely used, does not specifically tie into the advanced optimizations and modern practices built into BoringCrypto, which has been tailored for use in environments like Google Cloud. RSA, on the other hand, is primarily an asymmetric encryption algorithm used for secure data transmission, particularly for key exchange rather than for encrypting the data itself in constant communication scenarios. Its performance is generally slower compared to symmetric encryption methods, making it less suitable for real-time communication between instances. Choosing BoringCrypto illustrates an understanding of the need for both strong security measures and the performance