Topic 1 Question 274
You have a BigQuery table that ingests data directly from a Pub/Sub subscription. The ingested data is encrypted with a Google-managed encryption key. You need to meet a new organization policy that requires you to use keys from a centralized Cloud Key Management Service (Cloud KMS) project to encrypt data at rest. What should you do?
Use Cloud KMS encryption key with Dataflow to ingest the existing Pub/Sub subscription to the existing BigQuery table.
Create a new BigQuery table by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.
Create a new Pub/Sub topic with CMEK and use the existing BigQuery table by using Google-managed encryption key.
Create a new BigQuery table and Pub/Sub topic by using customer-managed encryption keys (CMEK), and migrate the data from the old BigQuery table.
ユーザの投票
コメント(3)
D.
We should use new CMSK for both pubsub topic and BQ tables along with migrating old data.
👍 2GCP0012024/01/07- 正解だと思う選択肢: B
- New BigQuery Table with CMEK: This option involves creating a new BigQuery table configured to use a CMEK from Cloud KMS. It directly addresses the need to use a CMEK for data at rest in BigQuery.
- Migrate Data: Migrating data from the old table (encrypted with a Google-managed key) to the new table (encrypted with CMEK) ensures that all existing data complies with the new policy.
👍 2raaad2024/01/10 - 正解だと思う選択肢: D
This option ensures that both the ingestion mechanism (Pub/Sub) and the storage component (BigQuery) are aligned with the organization's policy of using CMEK, providing end-to-end encryption control.
👍 1Smakyel792024/01/07
シャッフルモード