Google Cloud Professional Cloud Security Engineer — Question 144
You are migrating an on-premises data warehouse to BigQuery, Cloud SQL, and Cloud Storage. You need to configure security services in the data warehouse. Your company compliance policies mandate that the data warehouse must:
• Protect data at rest with full lifecycle management on cryptographic keys.
• Implement a separate key management provider from data management.
• Provide visibility into all encryption key requests.
What services should be included in the data warehouse implementation? (Choose two.)
Answer options
- A. Customer-managed encryption keys
- B. Customer-Supplied Encryption Keys
- C. Key Access Justifications
- D. Access Transparency and Approval
- E. Cloud External Key Manager
Correct answer: C, E
Explanation
The correct answers are C and E. Key Access Justifications provides the necessary visibility into encryption key requests, fulfilling that compliance requirement. Cloud External Key Manager allows for a separate key management solution, ensuring that key management is distinct from data management, as the company's policies require. Options A and B do not meet the criterion of a separate key management provider, and D does not specifically address the stated requirements.