🔥 3-day streak
Professional Cloud Security Engineer52 / 152
Question 52 of 152

A large enterprise is standardizing CMEK across hundreds of new BigQuery datasets, Cloud Storage buckets, and Compute Engine disks created by many teams. Security wants each protected resource to use its own dedicated, purpose-built Cloud KMS key that is automatically generated in the correct region and follows a consistent naming and IAM convention, without developers manually creating key rings and keys for every resource. Which approach best meets these requirements with the least operational overhead?

Reviewed for accuracy · Report an issueNext question