🔥 3-day streak
Professional Cloud Security Engineer51 / 152
Question 51 of 152

A financial services company stores highly regulated customer data in BigQuery and Cloud Storage, encrypted with Cloud KMS CMEK keys. Auditors require that any time Google or an internal automated process attempts to use these keys to decrypt data, the company can review the stated reason for access and automatically deny requests that lack an approved business justification. Which Cloud KMS capability should the security engineer configure to meet this requirement?

Reviewed for accuracy · Report an issueNext question