Google Cloud Professional Cloud Database Engineer — Question 57

Your organization works with sensitive data that requires you to manage your own encryption keys. You are working on a project that stores that data in a Cloud SQL database. You need to ensure that stored data is encrypted with your keys. What should you do?

Answer options

• A. Export data periodically to a Cloud Storage bucket protected by Customer-Supplied Encryption Keys.
• B. Use Cloud SQL Auth proxy.
• C. Connect to Cloud SQL using a connection that has SSL encryption.
• D. Use customer-managed encryption keys with Cloud SQL.

Correct answer: D

Explanation

The correct answer is D because using customer-managed encryption keys allows you to maintain control over the encryption process for data stored in Cloud SQL. Option A, while it involves encryption, does not ensure that data at rest within Cloud SQL is encrypted with your keys. Option B is about authentication and does not address encryption. Option C provides a secure connection but does not involve managing encryption keys for stored data.