ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Database Engineer All Questions

View all questions & answers for the Professional Cloud Database Engineer exam
Go to Exam

Exam Professional Cloud Database Engineer topic 1 question 62 discussion

Actual exam question from Google's Professional Cloud Database Engineer
Question #: 62
Topic #: 1
[All Professional Cloud Database Engineer Questions]

Your organization has a security policy to ensure that all Cloud SQL for PostgreSQL databases are secure. You want to protect sensitive data by using a key that meets specific locality or residency requirements. Your organization needs to control the key's lifecycle activities. You need to ensure that data is encrypted at rest and in transit. What should you do?

  • A. Create the database with Google-managed encryption keys.
  • B. Create the database with customer-managed encryption keys.
  • C. Create the database persistent disk with Google-managed encryption keys.
  • D. Create the database persistent disk with customer-managed encryption keys.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by pk349 at Dec. 25, 2022, 12:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
887ad17
4 months, 3 weeks ago
Selected Answer: B
Create the Cloud SQL instance with CMEK: When creating the Cloud SQL instance, specify the KMS key to be used for encryption. You can do this via the Google Cloud Console, gcloud command-line tool, or the Cloud SQL Admin API.
upvoted 1 times
...
DPonly
11 months, 2 weeks ago
Selected Answer: B
This is better option "database with customer-managed encryption keys"
upvoted 1 times
...
cslince
1 year ago
Selected Answer: B
B. Create the database with customer-managed encryption keys.
upvoted 1 times
...
dynamic_dba
1 year, 3 months ago
B. Having greater control over EK means use CMEK. That eliminates A and C. When creating a Cloud SQL instance you get to choose the encryption method at the instance level, which would include databases. That makes D not make sense. So it’s B.
upvoted 4 times
...
H_S
1 year, 3 months ago
Selected Answer: B
B. Create the database with customer-managed encryption keys.
upvoted 1 times
...
chelbsik
1 year, 5 months ago
Selected Answer: B
Despite that you select CMEK in the Storage section, it says: This instance is encrypted with a Google-managed key by default. If you need to manage your encryption, you can use a customer-managed key instead. Also, you don't need to create persistent disk, google does that.
upvoted 2 times
chelbsik
1 year, 5 months ago
https://cloud.google.com/sql/docs/postgres/configure-cmek#createcmekinstance
upvoted 1 times
...
...
pk349
1 year, 5 months ago
B: Create the database with customer-managed encryption keys. How do you create a customer managed key? In the navigation pane, choose Customer managed keys. Choose Create key. To create a symmetric encryption KMS key, for Key type choose Symmetric. For information about how to create an asymmetric KMS key in the AWS KMS console, see Creating asymmetric KMS keys (console).
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel