To comply with your company's security initiative requiring customer-managed encryption keys for all Google Cloud data, you plan to use Cloud Key Management Service (KMS) while adhering to the "separation of duties" principle and Google's best practices. What are two actions you should take? (Choose two.)

Exam-Like

Provision Cloud KMS in its own project.

26.5%

Do not assign an owner to the Cloud KMS project.

7.1%

Provision Cloud KMS in the project where the keys are being used.

18.4%

Grant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used.

9.2%

Grant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.

38.8%

Google Professional Cloud Developer