nerdexam
ExamsPROFESSIONAL-CLOUD-ARCHITECTQuestions#242
GoogleGoogle

PROFESSIONAL-CLOUD-ARCHITECT · Question #242

PROFESSIONAL-CLOUD-ARCHITECT Question #242: Real Exam Question with Answer & Explanation

The correct answer is B: Create a key with Cloud Key Management Service (KMS). Set the encryption key on the bucket. https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key

Submitted by anjalisingh· Mar 30, 2026

Question

Your organization has stored sensitive data in a Cloud Storage bucket. For regulatory reasons, your company must be able to rotate the encryption key used to encrypt the data in the bucket. The data will be processed in Dataproc. You want to follow Google-recommended practices for security. What should you do?

Options

  • ACreate a key with Cloud Key Management Service (KMS). Encrypt the data using the encrypt
  • BCreate a key with Cloud Key Management Service (KMS). Set the encryption key on the bucket
  • CGenerate a GPG key pair. Encrypt the data using the GPG key. Upload the encrypted data to the
  • DGenerate an AES-256 encryption key. Encrypt the data in the bucket using the customer-supplied

Explanation

https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PROFESSIONAL-CLOUD-ARCHITECT PracticeBrowse All PROFESSIONAL-CLOUD-ARCHITECT Questions