🔥 3-day streak
Professional Cloud Security Engineer49 / 152
Question 49 of 152
A retail company stores customer PII in a Cloud Storage bucket within a project named 'data-prod'. Their security policy requires that all objects be encrypted with a Cloud KMS key managed in a separate, dedicated project named 'kms-central' to enforce separation of duties. When engineers upload objects to the bucket, encryption fails with a permission error. What must be configured so that objects are automatically encrypted using the CMEK from the other project?
Reviewed for accuracy · Report an issueNext question