Answer-first summary for fast verification
Answer: Create a new BigQuery table and Pub/Sub topic by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.
Option D is the correct answer because it fully aligns with the organization's new policy of using keys from a centralized Cloud Key Management Service (Cloud KMS) project to encrypt data at rest. This option ensures that both the ingestion mechanism (Pub/Sub) and the storage component (BigQuery) use customer-managed encryption keys (CMEK). By creating a new Pub/Sub topic with CMEK and a new BigQuery table with CMEK, and then migrating the data from the old BigQuery table, the organization ensures that all data, both newly ingested and historical, is encrypted with the required keys from the centralized Cloud KMS. This meets the organization’s requirements comprehensively, covering both new and existing data.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are working with a BigQuery table that currently ingests data directly from a Pub/Sub subscription. This ingested data is encrypted using a Google-managed encryption key. Your organization has introduced a new policy stipulating that all data at rest must be encrypted using keys from a centralized Cloud Key Management Service (Cloud KMS) project. How should you proceed to comply with this new organizational policy?
A
Use Cloud KMS encryption key with Dataflow to ingest the existing Pub/Sub subscription to the existing BigQuery table.
B
Create a new BigQuery table by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.
C
Create a new Pub/Sub topic with CMEK and use the existing BigQuery table by using Google-managed encryption key.
D
Create a new BigQuery table and Pub/Sub topic by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.
No comments yet.