Answer-first summary for fast verification
Answer: Supply the encryption key in a .boto configuration file. Use gsutil to upload the files.
The correct answer is A. When using customer-supplied encryption keys (CSEK) with Google Cloud Storage and gsutil, the encryption key needs to be supplied in a .boto configuration file. The gsutil command does not support a flag to directly supply the encryption key, whereas the gcloud command does. Therefore, setting the encryption key in the .boto file and then using gsutil to upload the files is the correct approach. This is confirmed by the official GCP documentation on using customer-supplied encryption keys with gsutil.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are tasked with migrating files from your on-premises environment to Google Cloud Storage. To ensure the highest level of security, you need the files to be encrypted using customer-supplied encryption keys (CSEK). What specific steps should you take to achieve this during the upload process?
A
Supply the encryption key in a .boto configuration file. Use gsutil to upload the files.
B
Supply the encryption key using gcloud config. Use gsutil to upload the files to that bucket.
C
Use gsutil to upload the files, and use the flag --encryption-key to supply the encryption key.
D
Use gsutil to create a bucket, and use the flag --encryption-key to supply the encryption key. Use gsutil to upload the files to that bucket.
No comments yet.