Google Cloud Professional Cloud Database Engineer — Question 28

You are designing a payments processing application on Google Cloud. The application must continue to serve requests and avoid any user disruption if a regional failure occurs. You need to use AES-256 to encrypt data in the database, and you want to control where you store the encryption key. What should you do?

Answer options

• A. Use Cloud Spanner with a customer-managed encryption key (CMEK).
• B. Use Cloud Spanner with default encryption.
• C. Use Cloud SQL with a customer-managed encryption key (CMEK).
• D. Use Bigtable with default encryption.

Correct answer: A

Explanation

The correct answer is A because using Cloud Spanner with a customer-managed encryption key (CMEK) allows you to keep control over the encryption key while ensuring high availability during regional outages. Options B and D use default encryption, which does not provide key management flexibility, and option C, while using CMEK, applies to Cloud SQL, which may not meet the requirement for regional failover as effectively as Cloud Spanner.