Domain 3: Designing for Security and Compliance — GCP PCA Practice Question 42

How to approach this question

Identify the encryption type where the customer manages the keys in GCP, and the storage feature that retains deleted files.

Full Answer

Configure the buckets to use Customer-Managed Encryption Keys (CMEK) via Cloud KMS. Enable Object Versioning on the buckets.

To manage your own encryption keys within Google Cloud, you use Customer-Managed Encryption Keys (CMEK) integrated with Cloud KMS (Option A). To protect against accidental deletion and allow recovery, you enable Object Versioning (Option B), which retains the previous version of an object when it is deleted or overwritten.

Common mistakes

Choosing Bucket Lock (C). Bucket Lock is for regulatory compliance where data MUST NOT be deleted under any circumstances. The prompt asks to reverse accidental deletions.

Your company is implementing a data lake in Cloud Storage. The compliance team requires that all data must be encrypted using keys managed by your organization, and that any accidental deletion of objects can be reversed within 30 days. Which TWO features should you implement? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 4

More questions from this exam