Google Cloud Professional Cloud Security Engineer Practice Exam


To ensure all virtual machines in your organization encrypt sensitive health data while in use, what policy is necessary?

  1. Implement a universal encryption scheme

  2. Enforce the use of Confidential VM instances

  3. Create separate encryption keys per VM

  4. Disable data sharing among VMs

The correct answer is: Enforce the use of Confidential VM instances

Enforcing the use of Confidential VM instances is the necessary policy to ensure that all virtual machines encrypt sensitive health data while in use. Confidential VMs are designed to protect data while it is being processed by using hardware-based security features and trusted execution environments. This means that data is encrypted in memory, so it is protected from unauthorized access even while it is actively in use.

This type of implementation is particularly crucial for sensitive data such as health information, which must comply with various privacy regulations and standards. Confidential computing mitigates risks associated with data leaks and supports compliance with policies demanding high levels of data protection.

The other options do not address the specific requirement of securing data while in use. A universal encryption scheme and separate encryption keys per VM focus on data at rest and data in transit rather than data in use. While these are important aspects of a comprehensive data security strategy, they do not provide the active protection that Confidential VM instances offer for safeguarding sensitive data during processing. Disabling data sharing among VMs may limit data exposure but does not inherently provide encryption or access control during data processing.