A customer's internal security team needs to manage their own encryption keys for data in Cloud Storage using customer-supplied encryption keys (CSEK). How should they accomplish this?

Exam-Like

Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same bucket.

Use the gsutil command line tool to upload the object to Cloud Storage, and specify the location of the encryption key.

Generate an encryption key in the Google Cloud Platform Console, and upload an object to Cloud Storage using the specified key.

Encrypt the object, then use the gsutil command line tool or the Google Cloud Platform Console to upload the object to Cloud Storage.

Google Professional Cloud Security Engineer