Google Cloud Associate Data Practitioner — Question 44

Your retail organization stores sensitive application usage data in Cloud Storage. You need to encrypt the data without the operational overhead of managing encryption keys. What should you do?

Answer options

• A. Use Google-managed encryption keys (GMEK).
• B. Use customer-managed encryption keys (CMEK).
• C. Use customer-supplied encryption keys (CSEK).
• D. Use customer-supplied encryption keys (CSEK) for the sensitive data and customer-managed encryption keys (CMEK) for the less sensitive data.

Correct answer: A

Explanation

The correct answer is A because Google-managed encryption keys (GMEK) allow for automatic encryption of data without requiring the user to manage keys. Options B and D involve customer-managed keys, which add the operational burden of key management. Option C also requires the user to supply and manage encryption keys, which is contrary to the requirement of minimizing operational overhead.