Your company requires encryption of data both in transit and at rest. Which combination of GCP features provides this?

  1. HTTPS and Cloud Storage encryption
  2. VPC Service Controls only
  3. TLS for transit and Google-managed encryption for rest ✓
  4. Cloud Storage only

Correct answer: TLS for transit and Google-managed encryption for rest

Option C is correct because TLS (Transport Layer Security) encrypts data in transit between clients and GCP services, while Google-managed encryption (using AES-256 by default) automatically encrypts all data at rest in Cloud Storage and other GCP storage services, satisfying both requirements. Option A is partially overlapping but imprecise: HTTPS implies TLS for transit, which is correct, but 'Cloud Storage encryption' alone does not convey the broader at-rest coverage across all GCP data stores, and the pairing is less precise than Option C. Option B is wrong because VPC Service Controls restrict which identities and networks can access GCP services, providing a security perimeter, but they do not themselves encrypt data in transit or at rest. Option D is wrong because Cloud Storage alone covers only object storage at rest and does not address transit encryption for network communications.

Topic: · encryption in transit, encryption at rest, tls, gcp security

Practice Google Cloud Professional Cloud Architect Questions Free