Exam Professional Data Engineer topic 1 question 262 discussion - ExamTopics

Problem

The scenario involves a data governance team implementing security requirements for BigQuery data. They must encrypt data using an encryption key managed by their team and generated/stored on an on-premises Hardware Security Module (HSM). The solution must leverage Google's managed services.

Options

  • A: Create the encryption key in the HSM, import it into Cloud KMS, and associate it with BigQuery resources.
  • B: Create the encryption key in the HSM, link it to a Cloud External Key Manager (Cloud EKM) key, and associate it with BigQuery resources.
  • C: Create the encryption key in the HSM, import it into Cloud HSM, and associate it with BigQuery resources.
  • D: Create the encryption key in the HSM, create BigQuery resources, and encrypt data during ingestion.

Solution

The suggested answer is B. Cloud EKM links the key held in the on-premises HSM to BigQuery resources, which satisfies both requirements: the solution uses Google's managed services, and the key remains managed through the on-premises HSM.
