Crucial Exams

GCP Professional Data Engineer Practice Question

A fintech startup is building a proof-of-concept analytics pipeline on Google Cloud. They will ingest a limited set of non-production customer transaction data into Cloud Storage and BigQuery for two weeks. The security team insists that the data must be encrypted at rest; however, they do not want to create, rotate, or otherwise manage any encryption keys during this short engagement. Which encryption approach should the data engineering team choose to satisfy the requirement with the least operational overhead?

  • Integrate a third-party Hardware Security Module via Cloud External Key Manager (EKM) and use externally hosted keys.

  • Rely on the default Google-managed encryption keys that automatically protect data at rest in Cloud Storage and BigQuery.

  • Create a Cloud KMS key ring and configure Customer-Managed Encryption Keys (CMEK) for all Cloud Storage buckets and BigQuery datasets.

  • Generate Customer-Supplied Encryption Keys (CSEK) locally and provide them with every upload to Cloud Storage.

GCP Professional Data Engineer
Designing data processing systems
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot