You are working with a BigQuery table that currently ingests data directly from a Pub/Sub subscription. This ingested data is encrypted using a Google-managed encryption key. Your organization has introduced a new policy stipulating that all data at rest must be encrypted using keys from a centralized Cloud Key Management Service (Cloud KMS) project. How should you proceed to comply with this new organizational policy?

Exam-Like

Use Cloud KMS encryption key with Dataflow to ingest the existing Pub/Sub subscription to the existing BigQuery table.

10.0%

Create a new BigQuery table by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.

20.0%

Create a new Pub/Sub topic with CMEK and use the existing BigQuery table by using Google-managed encryption key.

6.7%

Create a new BigQuery table and Pub/Sub topic by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.

63.3%

Google Professional Data Engineer