Crucial Exams

GCP Professional Data Engineer Practice Question

A retail analytics startup is bulk-loading 50 TB of historical transaction logs into Google Cloud Storage and then streaming daily updates into a BigQuery dataset. The logs contain no PII and the company is subject only to standard industry security guidelines-there is no requirement for the company to control its own encryption keys. The CTO insists on encryption for data at rest and in transit, wants to avoid any key-rotation or monitoring tasks, and must have the simplest possible configuration ready before next week's launch. Which encryption strategy best satisfies these requirements?

  • Create Customer-Managed Encryption Keys (CMEK) in Cloud KMS and configure Cloud Storage and BigQuery to use them.

  • Generate Customer-Supplied Encryption Keys (CSEK) and provide a key with every Cloud Storage upload while allowing BigQuery to use default keys.

  • Rely on the default Google-managed encryption keys for both Cloud Storage and BigQuery without any additional key configuration.

  • Integrate an on-premises hardware security module through Cloud External Key Manager so the company retains full key custody.

GCP Professional Data Engineer
Designing data processing systems
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot