Answer-first summary for fast verification
Answer: Create a key with Cloud Key Management Service (KMS). Set the encryption key on the bucket to the Cloud KMS key.
The correct answer is B. This is because using Cloud Key Management Service (KMS) to create and manage keys in Google Cloud Storage follows Google-recommended practices for security, including the ability to rotate encryption keys without disrupting access to data. This ensures compliance with regulatory requirements. Links from users support this approach, showing that Cloud KMS can effectively handle key rotation in Cloud Storage buckets.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization has stored sensitive data in a Cloud Storage bucket, and for regulatory reasons, your company must be able to rotate the encryption key used to secure this data. The data, which will be later processed in Dataproc, requires a method that aligns with Google-recommended practices for security. What should you do to ensure both security and compliance?
A
Create a key with Cloud Key Management Service (KMS). Encrypt the data using the encrypt method of Cloud KMS.
B
Create a key with Cloud Key Management Service (KMS). Set the encryption key on the bucket to the Cloud KMS key.
C
Generate a GPG key pair. Encrypt the data using the GPG key. Upload the encrypted data to the bucket.
D
Generate an AES-256 encryption key. Encrypt the data in the bucket using the customer-supplied encryption keys feature.
No comments yet.