
As part of the data governance team, you're implementing security measures that require encrypting all BigQuery data with a key managed by your team. The encryption material must be generated and stored exclusively on your on-premises hardware security module (HSM), yet you prefer using Google's managed solutions. How can you set up this encryption in BigQuery while adhering to these requirements?
A. Generate the encryption key in your on-premises HSM, import it into a Cloud Key Management Service (Cloud KMS) key, and use this Cloud KMS key when creating BigQuery resources.
B. Generate the encryption key in your on-premises HSM, link it to a Cloud External Key Manager (Cloud EKM) key, and use this Cloud KMS key when creating BigQuery resources.
C. Generate the encryption key in your on-premises HSM, import it into a Cloud HSM key, and use this Cloud HSM key when creating BigQuery resources.
D. Generate the encryption key in your on-premises HSM, then create and encrypt BigQuery resources during data ingestion.