Google Professional Data Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
You are looking to archive data in Cloud Storage while ensuring maximum security due to the sensitivity of some of the data. To achieve this, you aim to implement the Trust No One (TNO) encryption strategy, which ensures that even the cloud provider staff cannot decrypt your data. What steps should you take to accomplish this?
Explanation:
The correct answer is D. Options A and B involve using Google Cloud Key Management Service (KMS) to manage keys, which does not align with the Trust No One (TNO) approach because cloud provider staff could potentially access the keys stored in Google Cloud KMS. Option C is incorrect because Memorystore is essentially a cache service and not suitable for permanent storage of the encryption key. Option D specifies using a customer-supplied encryption key (CSEK) and saving the key in a different project that only the security team can access, achieving the TNO goal by ensuring that the cloud provider staff do not have access to the keys.