Google Cloud Professional Cloud Security Engineer — Question 23

A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.
What technique should the institution use?

Answer options

• A. Use Cloud Storage as a federated Data Source.
• B. Use a Cloud Hardware Security Module (Cloud HSM).
• C. Customer-managed encryption keys (CMEK).
• D. Customer-supplied encryption keys (CSEK).

Correct answer: C

Explanation

The correct answer is C, as Customer-managed encryption keys (CMEK) allow the organization to control their encryption keys while using Google-managed services. Option A does not provide the necessary control over encryption, while B offers a different type of security measure not focused on data at rest, and D, while it provides some control, requires more management overhead and is less suitable for the needs of the institution.