Multiple Choice
You want to archive data in Cloud Storage. Because some data is very sensitive, you want to use the "Trust No One" (TNO) approach to encrypt your data to prevent the cloud provider staff from decrypting your data. What should you do?
A) Use gcloud kms keys create to create a symmetric key. Then use gcloud kms encrypt to encrypt each archival file with the key and unique additional authenticated data (AAD) . Use gsutil cp to upload each encrypted file to the Cloud Storage bucket, and keep the AAD outside of Google Cloud. Use gcloud kms keys create to create a symmetric key. Then use gcloud kms encrypt to encrypt each archival file with the key and unique additional authenticated data (AAD) . Use gsutil cp to upload each encrypted file to the Cloud Storage bucket, and keep the AAD outside of Google Cloud.
B) Use gcloud kms keys create to create a symmetric key. Then use gcloud kms encrypt to encrypt each archival file with the key. Use gsutil cp to upload each encrypted file to the Cloud Storage bucket. Manually destroy the key previously used for encryption, and rotate the key once. Use gcloud kms keys create to create a symmetric key. Then use to encrypt each archival file with the key. Use gsutil cp to upload each encrypted file to the Cloud Storage bucket. Manually destroy the key previously used for encryption, and rotate the key once.
C) Specify customer-supplied encryption key (CSEK) in the . boto configuration file. Use gsutil cp to upload each archival file to the Cloud Storage bucket. Save the CSEK in Cloud Memorystore as permanent storage of the secret. Specify customer-supplied encryption key (CSEK) in the . boto configuration file. Use gsutil cp to upload each archival file to the Cloud Storage bucket. Save the CSEK in Cloud Memorystore as permanent storage of the secret.
D) Specify customer-supplied encryption key (CSEK) in the . boto configuration file. Use gsutil cp to upload each archival file to the Cloud Storage bucket. Save the CSEK in a different project that only the security team can access. to upload each archival file to the Cloud Storage bucket. Save the CSEK in a different project that only the security team can access.
Correct Answer:
Verified
Correct Answer:
Verified
Q191: Each analytics team in your organization is
Q192: You work for an advertising company, and
Q193: Google Cloud Bigtable indexes a single value
Q194: You use BigQuery as your centralized analytics
Q195: You are a retailer that wants to
Q197: You are updating the code for a
Q198: You want to automate execution of a
Q199: You work for a manufacturing company that
Q200: You are selecting services to write and
Q201: A data scientist has created a BigQuery