Google Cloud Professional Cloud Security Engineer Practice Exam

What is the recommended solution for storing sensitive configuration data from a Compute Engine application?

• A. Cloud Firestore
• B. Cloud Storage
• C. Secret Manager
• D. Cloud SQL

The correct answer is: Secret Manager

The recommended solution for storing sensitive configuration data from a Compute Engine application is Secret Manager. This service is specifically designed to securely manage and store sensitive information, such as API keys, passwords, and certificates. It offers a centralized and secure way to access these secrets, ensuring that they are protected using encryption both at rest and in transit. Secret Manager integrates well with other Google Cloud services, allowing applications to retrieve secrets programmatically while maintaining strict access controls. It also supports automatic rotation of secrets, which enhances security by minimizing the risk of credential exposure over time. Furthermore, it provides auditing capabilities, enabling you to track access to sensitive data and helping you conform to compliance requirements. While the other options, like Cloud Firestore, Cloud Storage, and Cloud SQL, can store data, they are not specifically designed with security-oriented features for sensitive information. For instance, Cloud Firestore is a database service suited for structured data but does not provide the same level of secret management features. Cloud Storage is primarily meant for unstructured data storage and lacks built-in capabilities to manage sensitive configuration data securely. Cloud SQL is a relational database service, which might be useful for application data storage but is not optimized for secret management like Secret Manager.