🔥 3-day streak
Professional Data Engineer63 / 169
Question 63 of 169

A financial services company uses Customer-Managed Encryption Keys (CMEK) via Cloud KMS to encrypt data in BigQuery and Cloud Storage. A new compliance policy requires that encryption keys be rotated automatically every 90 days, and that the security team retains sole authority to disable or destroy keys while data engineers continue to run pipelines without interruption. What is the most appropriate way to meet these requirements?

Reviewed for accuracy · Report an issueNext question