A company is using Cloud Storage to store sensitive customer data. They need to ensure data is encrypted at rest and access is controlled. Which TWO statements are true regarding data protection in Cloud Storage? (Choose two.)
Cloud Storage automatically encrypts all data at rest with Google-managed keys.
Why this answer
Option A is correct because Cloud Storage automatically encrypts all data at rest using server-side encryption with Google-managed encryption keys by default, without any additional configuration. This ensures that data is protected before it is written to disk and remains encrypted throughout its lifecycle.
Exam trap
Cisco often tests the misconception that uniform bucket-level access affects encryption or that signed URLs modify ACLs, when in fact these features operate on separate layers of the security model.