You are tasked with setting up secure storage for sensitive files in Google Cloud Storage for your organization. According to Google's best practices and simplest design principles, what is the best approach to enforce security requirements and utilize encryption for the stored files?

Exam-Like

Use Customer-Supplied Encryption Keys (CSEK) and specify a .boto file during upload with gsutil.

17.1%

Utilize Google’s default encryption at rest.

17.9%

Assign predefined IAM roles to the Google Groups created and utilize Google’s default encryption at rest when storing files.

59.3%

Create and assign custom IAM roles to users for better security management.

5.7%

Google Professional Cloud Architect