As a member of the data governance team, you are responsible for enforcing security requirements. Your current task involves encrypting all data stored in BigQuery, using an encryption key that your team manages. You are required to create a mechanism for generating and storing encryption material exclusively within your on-premises hardware security module (HSM). While achieving this, you also want to utilize Google-managed solutions. How should you proceed to meet these requirements?

Exam-Like

Create the encryption key in the on-premises HSM, and import it into a Cloud Key Management Service (Cloud KMS) key. Associate the created Cloud KMS key while creating the BigQuery resources.

13.6%

Create the encryption key in the on-premises HSM and link it to a Cloud External Key Manager (Cloud EKM) key. Associate the created Cloud EKM key while creating the BigQuery resources.

65.9%

Create the encryption key in the on-premises HSM, and import it into Cloud Key Management Service (Cloud HSM) key. Associate the created Cloud HSM key while creating the BigQuery resources.

13.6%

Create the encryption key in the on-premises HSM. Create BigQuery resources and encrypt data while ingesting them into BigQuery.

6.8%

Google Professional Data Engineer

Get started today

Comments