Answer-first summary for fast verification
Answer: 1. Create or use an existing key with a unique uniform resource identifier (URI) in a supported external key management partner system. 2. In the external key management partner system, grant access for this key to use your Google Cloud project.
The correct answer is C because it accurately describes the Cloud EKM workflow as documented in Google Cloud's official documentation. With Cloud EKM, the encryption key is created and managed in an external key management partner system (not in Cloud KMS), and access must be granted from the external system to the Google Cloud project. Option A is incorrect because it suggests creating the key in Google Cloud and granting access to an external system, which reverses the proper EKM flow. Option B describes standard Cloud KMS usage, not EKM. Option D is incorrect because it suggests creating an 'external key' in Cloud KMS, which contradicts the fundamental principle of EKM where keys are managed externally.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to use Cloud External Key Manager (Cloud EKM) to create an encryption key for encrypting specific BigQuery data at rest in Google Cloud. What are the first steps you should take?
A
B
C
D
No comments yet.