Your organization needs to store highly sensitive data in Google Cloud and requires a solution with the maximum level of security and control. What is the recommended approach?

Exam-Like

Use Cloud Storage with customer-supplied encryption keys (CSEK), VPC Service Controls for network isolation, and Cloud DLP for data inspection.

Use Cloud Storage with customer-managed encryption keys (CMEK), Cloud DLP for data classification, and Secret Manager for storing API access tokens.

Use Cloud Storage with client-side encryption, Cloud KMS for key management, and Cloud HSM for cryptographic operations.

Use Cloud Storage with server-side encryption, BigQuery with column-level encryption, and IAM roles for access control.

Google Professional Cloud Security Engineer