Google Cloud Professional Cloud Database Engineer — Question 104

Your organization has a security policy to ensure that all Cloud SQL for PostgreSQL databases are secure. You want to protect sensitive data by using a key that meets specific locality or residency requirements. Your organization needs to control the key's lifecycle activities. You need to ensure that data is encrypted at rest and in transit. What should you do?

Answer options

• A. Create the database with Google-managed encryption keys.
• B. Create the database with customer-managed encryption keys.
• C. Create the database persistent disk with Google-managed encryption keys.
• D. Create the database persistent disk with customer-managed encryption keys.

Correct answer: B

Explanation

The correct answer is B, as customer-managed encryption keys allow for greater control over the key's lifecycle and compliance with locality requirements. Option A does not provide the necessary lifecycle management, while options C and D focus on persistent disks, which are not what is needed for securing the database itself in this context.