Exam Professional Data Engineer topic 1 question 262 discussion - ExamTopics

AI Summary Hide AI Generated Summary

Problem

The scenario involves a data governance team implementing security requirements for BigQuery data. They must encrypt data using an encryption key managed by their team and generated/stored on an on-premises Hardware Security Module (HSM). The solution must leverage Google's managed services.

Options

  • A: Create the encryption key in the HSM, import it into Cloud KMS, and associate it with BigQuery resources.
  • B: Create the encryption key in the HSM, link it to a Cloud External Key Manager (Cloud EKM) key, and associate it with BigQuery resources.
  • C: Create the encryption key in the HSM, import it into Cloud HSM, and associate it with BigQuery resources.
  • D: Create the encryption key in the HSM, create BigQuery resources, and encrypt data during ingestion.

Solution

The suggested answer is B. This option utilizes Cloud EKM, enabling the linkage of the on-premises HSM key to BigQuery resources, fulfilling the requirement for Google-managed solutions and on-premises HSM-based key management.

Sign in to unlock more AI features Sign in with Google

You are on the data governance team and are implementing security requirements. You need to encrypt all your data in BigQuery by using an encryption key managed by your team. You must implement a mechanism to generate and store encryption material only on your on-premises hardware security module (HSM). You want to rely on Google managed solutions. What should you do?

  • A. Create the encryption key in the on-premises HSM, and import it into a Cloud Key Management Service (Cloud KMS) key. Associate the created Cloud KMS key while creating the BigQuery resources.
  • B. Create the encryption key in the on-premises HSM and link it to a Cloud External Key Manager (Cloud EKM) key. Associate the created Cloud KMS key while creating the BigQuery resources.
  • C. Create the encryption key in the on-premises HSM, and import it into Cloud Key Management Service (Cloud HSM) key. Associate the created Cloud HSM key while creating the BigQuery resources.
  • D. Create the encryption key in the on-premises HSM. Create BigQuery resources and encrypt data while ingesting them into BigQuery.
Show Suggested Answer Hide Answer
Suggested Answer: B πŸ—³οΈ

🧠 Pro Tip

Skip the extension β€” just come straight here.

We’ve built a fast, permanent tool you can bookmark and use anytime.

Go To Paywall Unblock Tool
Sign up for a free account and get the following:
  • Save articles and sync them across your devices
  • Get a digest of the latest premium articles in your inbox twice a week, personalized to you (Coming soon).
  • Get access to our AI features
    • Sign In With Google Sign Up With Email
    Category: Technology
    Tags: Data Engineering BigQuery Cloud KMS Encryption HSM
    Open Archived Version
    Share Article
    Go To Original Article
    Save articles to reading lists
    and access them on any device
    Sign In With Google
    If you found this app useful,
    Please consider supporting us.
    Thank you!
    Buy me a coffee!
    Open Archived Version
    Share Article
    Go To Original Article
    Save articles to reading lists
    and access them on any device
    Sign In With Google
    If you found this app useful,
    Please consider supporting us.
    Thank you!
    Buy me a coffee!