Topic 1 Question 235
You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS), in project “prj-a”, and the Cloud Storage bucket will use project “prj-b”. The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key, and you need to troubleshoot why.
What has caused the access issue?
A firewall rule prevents the key from being accessible.
Cloud HSM does not support Cloud Storage.
The CMEK is in a different project than the Cloud Storage bucket.
The CMEK is in a different region than the Cloud Storage bucket.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: D
The correct answer is D. The CMEK is in a different region than the Cloud Storage bucket.
When you use a customer-managed encryption key (CMEK) to secure a Cloud Storage bucket, the key and the bucket must be located in the same region. In this case, the key is in europe-west3 and the bucket is in europe-west1, which is why you’re unable to access the key.
👍 1MisterHairy2023/11/21 - 👍 1NaikMN2023/12/11
- 正解だと思う選択肢: D
The access issue is caused by the fact that the CMEK is in a different region than the Cloud Storage bucket. According to the Google Cloud documentation, the location of the Cloud KMS key must match the storage location of the resource it is intended to encrypt. Since the CMEK resides in the region europe-west3 and the storage bucket is located in the region europe-west1, this mismatch is the reason why the key cannot be accessed when creating the bucket. Therefore, the correct answer is: D. The CMEK is in a different region than the Cloud Storage bucket
👍 1i_am_robot2023/12/16
シャッフルモード