🔥 3-day streak
Professional Cloud Security Engineer53 / 152
Question 53 of 152
A financial services company must comply with a regulation requiring that the cryptographic keys protecting customer data in BigQuery and Cloud Storage be generated on the company's on-premises FIPS 140-2 Level 3 hardware security module and never exist in software form inside Google Cloud. The company still wants to use Cloud KMS to manage the key lifecycle and reference the keys as CMEK on Google Cloud resources. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question