Google Professional Data Engineer
Get started today
Ultimate access to all questions.
You have configured a system where streaming data is inserted into a Redis cluster through a Kafka cluster. Both Redis and Kafka clusters are hosted on Compute Engine instances. Your objective is to ensure that the data at rest is encrypted. Furthermore, you require the capability to create, rotate, and destroy encryption keys as necessary. What steps should you take to achieve this?
You have configured a system where streaming data is inserted into a Redis cluster through a Kafka cluster. Both Redis and Kafka clusters are hosted on Compute Engine instances. Your objective is to ensure that the data at rest is encrypted. Furthermore, you require the capability to create, rotate, and destroy encryption keys as necessary. What steps should you take to achieve this?
Explanation:
The correct answer is B. By creating encryption keys in Cloud Key Management Service (KMS), you can easily manage the lifecycle of these keys, including creation, rotation, and destruction. This method reduces the risk associated with transferring keys and leverages the security and compliance features of Cloud KMS, ensuring that your data is encrypted at rest in your Compute Engine cluster instances.