Topic 1 Question 148
You are designing a Data Warehouse on Google Cloud and want to store sensitive data in BigQuery. Your company requires you to generate the encryption keys outside of Google Cloud. You need to implement a solution. What should you do?
Generate a new key in Cloud Key Management Service (Cloud KMS). Store all data in Cloud Storage using the customer-managed key option and select the created key. Set up a Dataflow pipeline to decrypt the data and to store it in a new BigQuery dataset.
Generate a new key in Cloud KMS. Create a dataset in BigQuery using the customer-managed key option and select the created key.
Import a key in Cloud KMS. Store all data in Cloud Storage using the customer-managed key option and select the created key. Set up a Dataflow pipeline to decrypt the data and to store it in a new BigQuery dataset.
Import a key in Cloud KMS. Create a dataset in BigQuery using the customer-supplied key option and select the created key.
ユーザの投票
コメント(17)
D is OK
👍 16SweetieS2021/08/23- 正解だと思う選択肢: D
The answer is easy. It says keys must be left outside of Google Cloud. This automatically eliminates A / B. Now the C option says decrypts before storing it in BigQuery which the point is to encrypt the data while been in BigQuery, D is the only possible answer.
👍 12alexandercamachop2022/09/11 - 正解だと思う選択肢: D
For those that saying BigQuery does not support CSEK, read the below. You will need to import you CSEK and it will become CMEK. From there you can use it for BigQuery https://cloud.google.com/bigquery/docs/customer-managed-encryption
👍 4midgoo2022/08/26
シャッフルモード