U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Professional Cloud Security Engineer Exam - Topic 1 Question 117 Discussion

You need to use Cloud External Key Manager to create an encryption key to encrypt specific BigQuery data at rest in Google Cloud. Which steps should you do first?
C) 1. Create or use an existing key with a unique uniform resource identifier (URI) in a supported external key management partner system.2. In the external key management partner system, grant access for this key to use your Google Cloud project.
A) 1. Create or use an existing key with a unique uniform resource identifier (URI) in your Google Cloud project.2. Grant your Google Cloud project access to a supported external key management partner system.
B) 1. Create or use an existing key with a unique uniform resource identifier (URI) in Cloud Key Management Service (Cloud KMS).2. In Cloud KMS, grant your Google Cloud project access to use the key.
D) 1. Create an external key with a unique uniform resource identifier (URI) in Cloud Key Management Service (Cloud KMS).2. In Cloud KMS, grant your Google Cloud project access to use the key.

Google Professional Cloud Security Engineer Exam - Topic 1 Question 117 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 117
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You need to use Cloud External Key Manager to create an encryption key to encrypt specific BigQuery data at rest in Google Cloud. Which steps should you do first?

Show Suggested Answer Hide Answer
Suggested Answer: C

https://cloud.google.com/kms/docs/ekm#how_it_works

- First, you create or use an existing key in a supported external key management partner system. This key has a unique URI or key path.

- Next, you grant your Google Cloud project access to use the key, in the external key management partner system.

- In your Google Cloud project, you create a Cloud EKM key, using the URI or key path for the externally-managed key.


Contribute your Thoughts:

0/2000 characters
Corazon
1 month ago
I think the first step involves creating a key with a unique URI, but I'm not sure if it should be in Cloud KMS or an external system.
upvoted 0 times
...

Save Cancel