Your organization operates in a highly regulated industry and uses multiple Google Cloud services. You need to identify potential risks to regulatory compliance. Which scenario presents the greatest risk?

Exam-Like

The security team mandates the use of customer-managed encryption keys (CMEK) for all data classified as sensitive.

Sensitive data is stored in a Cloud Storage bucket with the uniform bucket-level access setting enabled.

The audit team needs access to Cloud Audit Logs related to managed services like BigQuery.

Principals have broad IAM roles allowing the creation and management of Compute Engine VMs without a pre-defined hardening process.

Google Professional Cloud Security Engineer