Answer-first summary for fast verification
Answer: In the bucket's advanced settings, select Customer-managed key and then choose a Cloud KMS encryption key.
The correct action is to select 'Customer-managed key' in the bucket's advanced settings and then choose the appropriate Cloud KMS encryption key. This meets the requirement of using customer-managed encryption keys. The other options are incorrect for the following reasons: - **Option A**: Bucket encryption can be changed at any time; recreating the bucket is unnecessary. - **Option B**: Using a Google-managed key does not meet the requirement for customer-managed keys. - **Option C**: 'Customer-supplied key' is not an available option in the console and does not meet the requirement for customer-managed keys. For more information, refer to Google Cloud's documentation on using customer-managed keys for encryption.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
To comply with your company's requirement of storing sensitive PII data encrypted by customer-managed encryption keys in a cloud storage bucket, what is the correct action to take?
A
Recreate the bucket to use a Customer-managed key, as encryption can only be specified at the time of bucket creation.
B
In the bucket's advanced settings, select Google-managed key and then choose a Cloud KMS encryption key.
C
In the bucket's advanced settings, select Customer-supplied key and then choose a Cloud KMS encryption key.
D
In the bucket's advanced settings, select Customer-managed key and then choose a Cloud KMS encryption key.