Google Cloud Professional Cloud Security Engineer Practice Exam

What is the best method to ensure compliance with FIPS 140-2 for a messaging app using GCP services?

• A. Use Local SSDs exclusively for all data storage
• B. Encrypt all cache storage and communications with BoringCrypto
• C. Enable firewall rules on all Compute Engine instances
• D. Implement VPN for all external communications

The correct answer is: Encrypt all cache storage and communications with BoringCrypto

To ensure compliance with FIPS 140-2, the correct approach would be to encrypt all cache storage and communications with BoringCrypto. FIPS 140-2 stipulates specific requirements for cryptographic modules that protect sensitive data. By using a FIPS-validated cryptographic library like BoringCrypto, which is designed to meet those regulatory standards, you can make sure that all data in transit and at rest is secured using algorithms and key management practices that are recognized for compliance. This method directly addresses the need for strong encryption standards inherent in FIPS 140-2. Ensuring that both cache storage and communications are encrypted aligns with the compliance requirements for protecting sensitive information throughout its lifecycle. In contrast, relying on local SSDs for data storage, implementing firewall rules, or establishing a VPN may provide security benefits but do not specifically address the requirement for FIPS-compliant encryption. While firewalls can protect network boundaries and VPNs secure communications, neither of these measures guarantee that the data is encrypted in a manner compliant with FIPS 140-2 standards. Thus, they do not serve as a complete solution for ensuring compliance in the context of this messaging app.