Google Professional Data Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A financial services company is looking to utilize BigQuery for their data warehousing and analytics needs. They have a requirement to store and manage encryption keys in a key management system that is deployed outside of a public cloud. The goal is to minimize the management overhead of key management while staying compliant. What would be your recommendation?
Explanation:
The correct approach is to use Cloud External Key Management (EKM), which enables the company to keep their encryption keys separate from their data in BigQuery. Data Catalog serves as a metadata and data discovery service, not for key management. While BigQuery can access external data sources, this does not meet the key management requirement. Cloud Dataproc is designed for managed Spark and Hadoop services, not key management. For more details, visit Cloud KMS EKM documentation.