Answer-first summary for fast verification
Answer: Implement Cloud EKM for external key management
The correct approach is to use Cloud External Key Management (EKM), which enables the company to keep their encryption keys separate from their data in BigQuery. Data Catalog serves as a metadata and data discovery service, not for key management. While BigQuery can access external data sources, this does not meet the key management requirement. Cloud Dataproc is designed for managed Spark and Hadoop services, not key management. For more details, visit [Cloud KMS EKM documentation](https://cloud.google.com/kms/docs/ekm).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A financial services company is looking to utilize BigQuery for their data warehousing and analytics needs. They have a requirement to store and manage encryption keys in a key management system that is deployed outside of a public cloud. The goal is to minimize the management overhead of key management while staying compliant. What would be your recommendation?
A
Utilize Data Catalog for managing external data, focusing on keys
B
Encrypt external data sources outside of Google Cloud and use them with BigQuery
C
Employ Dataproc for managing external data, with a focus on keys
D
Implement Cloud EKM for external key management