Answer-first summary for fast verification
Answer: Import a key in Cloud KMS. Create a dataset in BigQuery using the customer-supplied key option and select the created key.
The correct answer is D. This is because the question specifies that the encryption keys must be generated outside of Google Cloud, which means options A and B are invalid since they involve generating keys within Google Cloud using Cloud KMS. Option C involves decrypting data before storing it in BigQuery, which defeats the purpose of maintaining encryption for sensitive data. Hence, the correct solution is to import a key into Cloud KMS and then create a BigQuery dataset using the customer-supplied key option, which aligns with the requirement to manage encryption keys outside of Google Cloud.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are designing a Data Warehouse on Google Cloud and want to store sensitive data in BigQuery. Due to stringent security policies, your company requires you to generate the encryption keys outside of Google Cloud. This ensures that the encryption keys are managed and controlled internally before being utilized within Google Cloud services. You need to implement a solution that adheres to these requirements. What should you do?
A
Generate a new key in Cloud Key Management Service (Cloud KMS). Store all data in Cloud Storage using the customer-managed key option and select the created key. Set up a Dataflow pipeline to decrypt the data and to store it in a new BigQuery dataset.
B
Generate a new key in Cloud KMS. Create a dataset in BigQuery using the customer-managed key option and select the created key.
C
Import a key in Cloud KMS. Store all data in Cloud Storage using the customer-managed key option and select the created key. Set up a Dataflow pipeline to decrypt the data and to store it in a new BigQuery dataset.
D
Import a key in Cloud KMS. Create a dataset in BigQuery using the customer-supplied key option and select the created key.
No comments yet.