Answer-first summary for fast verification
Answer: Use `gsutil` with `GSUtil:encryption_key=[YOUR_ENCRYPTION_KEY]` to pass the encryption key
The correct answer is **D** because the customer-supplied encryption key can be passed using the `encryption_key` parameter. This can be achieved by adding the following option to the `[GSUtil]` section of your `boto` configuration file: `encryption_key = [YOUR_ENCRYPTION_KEY]`, where `[YOUR_ENCRYPTION_KEY]` is the key for encrypting the uploaded file. Alternatively, you can include this information in each `gsutil` command by using the `-o` top-level flag: `-o "GSUtil:encryption_key=[YOUR_ENCRYPTION_KEY]"`. - **Option A** is incorrect because the encryption key cannot be defined using `gcloud config`. - **Option B** is incorrect because encryption is not set on the bucket; it needs to be applied when the object is uploaded. - **Option C** is incorrect because the parameter `—encryption-key` is not the correct way to pass the encryption key.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company utilizes Cloud Storage for their critical data storage. Compliance requirements mandate that objects be encrypted using customer-supplied encryption keys. What is the correct method to handle objects to support customer-supplied encryption?
A
Define the encryption using gcloud config
B
Create a bucket with —encryption-key and upload files using gsutil
C
Use gsutil with —encryption-key to pass the encryption key
D
Use gsutil with GSUtil:encryption_key=[YOUR_ENCRYPTION_KEY] to pass the encryption key
No comments yet.