Medium · 1 mark · Multiple Choice
Domain 3: Designing for Security and Compliance · Cloud Storage · CMEK · Object Versioning

GCP PCA · Question 42 · Domain 3: Designing for Security and Compliance

Your company is implementing a data lake in Cloud Storage. The compliance team requires that all data must be encrypted using keys managed by your organization, and that any accidental deletion of objects can be reversed within 30 days. Which TWO features should you implement? (Select TWO)

Answer options:

A. Configure the buckets to use Customer-Managed Encryption Keys (CMEK) via Cloud KMS.

B. Enable Object Versioning on the buckets.

C. Enable Bucket Lock with a 30-day retention period.

D. Use Google-Managed Encryption Keys.

E. Take daily snapshots of the Cloud Storage buckets.

How to approach this question

Identify the encryption type where the customer manages the keys in GCP, and the storage feature that retains deleted files.

Full Answer

To manage your own encryption keys within Google Cloud, you use Customer-Managed Encryption Keys (CMEK) integrated with Cloud KMS (Option A). To protect against accidental deletion and allow recovery, you enable Object Versioning (Option B), which retains the previous version of an object when it is deleted or overwritten.

Common mistakes

Choosing Bucket Lock (C). Bucket Lock is for regulatory compliance where data MUST NOT be deleted under any circumstances. The prompt asks to reverse accidental deletions.
