Google Associate Cloud Engineer

Get started today

Ultimate access to all questions.

Explanation:

The correct answer is D because the customer-supplied encryption key can be passed using the encryption_key parameter. This can be achieved by adding the following option to the [GSUtil] section of your boto configuration file: encryption_key = [YOUR_ENCRYPTION_KEY], where [YOUR_ENCRYPTION_KEY] is the key for encrypting the uploaded file. Alternatively, you can include this information in each gsutil command by using the -o top-level flag: -o "GSUtil:encryption_key=[YOUR_ENCRYPTION_KEY]".

Option A is incorrect because the encryption key cannot be defined using gcloud config.
Option B is incorrect because encryption is not set on the bucket; it needs to be applied when the object is uploaded.
Option C is incorrect because the parameter —encryption-key is not the correct way to pass the encryption key.

Explanation:

Option A is incorrect because the encryption key cannot be defined using gcloud config.
Option B is incorrect because encryption is not set on the bucket; it needs to be applied when the object is uploaded.
Option C is incorrect because the parameter —encryption-key is not the correct way to pass the encryption key.

Comments (0)

No comments yet.

A company utilizes Cloud Storage for their critical data storage. Compliance requirements mandate that objects be encrypted using customer-supplied encryption keys. What is the correct method to handle objects to support customer-supplied encryption?

Real Exam

Define the encryption using gcloud config

17.9%

Create a bucket with —encryption-key and upload files using gsutil

17.9%

Use gsutil with —encryption-key to pass the encryption key

28.6%

Use gsutil with GSUtil:encryption_key=[YOUR_ENCRYPTION_KEY] to pass the encryption key

35.7%