Your team is designing a Dataflow pipeline that consumes streaming events from Cloud Pub/Sub, processes them in Dataflow, and writes the results to BigQuery. The security team wants to understand how the data will be protected if you make no additional encryption configurations. Which statement correctly describes Google Cloud's default encryption behavior for this end-to-end workflow?
Data is encrypted in transit between Pub/Sub and Dataflow workers by default, but at rest in BigQuery you must enable customer-managed encryption keys; otherwise the data is stored unencrypted.
All data in Google Cloud is encrypted only if you enable Cloud KMS and provide customer-managed keys; without that, no encryption is applied in transit or at rest.
Data in Cloud Storage is encrypted at rest by default, but traffic between Dataflow workers and BigQuery is unencrypted unless you configure VPC Service Controls.
Google Cloud automatically encrypts data in transit between its services using TLS and encrypts data at rest with Google-managed keys by default, so no additional configuration is required for this pipeline.
Google Cloud automatically secures customer data both while it is stored in services such as BigQuery and while it moves between Google-controlled endpoints (for example, from Pub/Sub to Dataflow workers or from Dataflow to BigQuery). At rest, data is encrypted using Google-managed encryption keys, and in transit it is protected with TLS-based encryption by default. Therefore, no extra configuration is required to achieve encryption for either state, although customers may choose to supply their own keys (CMEK) for additional control. The other statements are incorrect because:
One option claims BigQuery stores data unencrypted unless CMEK is enabled, which is false-Google-managed encryption is on by default.
Another option states that network traffic between services is unencrypted unless VPC Service Controls are used; VPC Service Controls add a perimeter but do not enable encryption, which is already provided by default TLS.
The statement that Google Cloud applies no encryption unless KMS is configured contradicts Google's default security posture, which always encrypts data at rest and in transit.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is TLS encryption and how does it protect data in transit?
Open an interactive chat with Bash
What are Google-managed encryption keys, and how do they secure data at rest?
Open an interactive chat with Bash
What is the difference between CMEK and Google-managed encryption keys?
Open an interactive chat with Bash
Can you explain TLS encryption in simple terms?
Open an interactive chat with Bash
What are Google-managed encryption keys and how do they work?
Open an interactive chat with Bash
What is the difference between customer-managed encryption keys (CMEK) and Google-managed ones?
Open an interactive chat with Bash
What is TLS and why is it used in Google Cloud?
Open an interactive chat with Bash
What are Google-managed encryption keys and how do they work?
Open an interactive chat with Bash
What is the difference between Google-managed keys and customer-managed encryption keys (CMEK)?
Open an interactive chat with Bash
GCP Professional Data Engineer
Ingesting and processing the data
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .