You have a BigQuery table that receives data from a Pub/Sub subscription, encrypted with a Google-managed key. A new policy requires using keys from a centralized Cloud KMS project for data at rest encryption in BigQuery. How should you comply?

Real Exam

Use Cloud KMS encryption key with Dataflow to ingest the existing Pub/Sub subscription to the existing BigQuery table.

21.4%

Create a new BigQuery table with customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.

42.9%

Create a new Pub/Sub topic with CMEK and use the existing BigQuery table with Google-managed encryption key.

7.1%

Create a new BigQuery table and Pub/Sub topic with customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.

28.6%

Google Professional Data Engineer