Answer-first summary for fast verification
Answer: Create the database with customer-managed encryption keys.
To meet the organization's security policy requirements for Cloud SQL for PostgreSQL databases, especially concerning sensitive data protection with specific locality or residency requirements and control over the key's lifecycle activities, the best approach is to use customer-managed encryption keys (CMEK). This allows the organization to manage and control the encryption keys used to protect their data, ensuring that data is encrypted both at rest and in transit. Google-managed encryption keys do not provide the same level of control over the key's lifecycle as customer-managed keys. Options C and D mention 'database persistent disk', which is not relevant to Cloud SQL's encryption at rest and in transit directly. Therefore, the correct answer is B, as it directly addresses the requirement for customer-managed encryption keys for the database itself.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you secure sensitive data in Cloud SQL for PostgreSQL by using a key that complies with locality or residency requirements, while allowing your organization to manage the key's lifecycle and ensuring encryption at rest and in transit?
A
Create the database with Google-managed encryption keys.
B
Create the database with customer-managed encryption keys.
C
Create the database persistent disk with Google-managed encryption keys.
D
Create the database persistent disk with customer-managed encryption keys.
No comments yet.