You need to upload files from your on-premises environment to Cloud Storage. You want the files to be encrypted on Cloud Storage using customer-supplied encryption keys. What should you do?
You need to upload files from your on-premises environment to Cloud Storage. You want the files to be encrypted on Cloud Storage using customer-supplied encryption keys. What should you do?
To upload files from an on-premises environment to Cloud Storage using customer-supplied encryption keys, you should configure the encryption key in a .boto configuration file and use gsutil to upload the files. This method ensures that the files are encrypted using customer-supplied keys during the upload process. Other methods like using the --encryption-key flag are associated with the gcloud command rather than gsutil, making the .boto configuration file the correct approach for gsutil.
In GCP document, key could be configured in .boto. I didn't find information show gsutil suppots flag "--encryption-key". https://cloud.google.com/storage/docs/encryption/customer-supplied-keys
A is ok
.boto file with encryption key, but it will works for individual users, every user should update their own .boto with same key. Also while retrieving you should use the same key to decryption.
A is correct
The documentation is here: https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#upload-encrypt Option C is correct. You can upload a file using customer-supplied encryption with the command: gcloud storage cp SOURCE_DATA gs://BUCKET_NAME/OBJECT_NAME --encryption-key=YOUR_ENCRYPTION_KEY
I agree, A.(https://cloud.google.com/storage/docs/gsutil/addlhelp/UsingEncryptionKeys#generating-customer-supplied-encryption-keys)
A is correct. C is a trick. The --encryption-key flag only works with gcloud command, not with gsutil https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#gcloud
Take into account that by the time this exam was designed, gcloud storage was most likely still not available or just in beta. The "--encryption-key" flag is meant to be used with gcloud, not with gsutil; having said this, if in the actual exam the option says gcloud storage, go for C. If it says gsutil, go for A, as gsutil does not have any "--encryption-key" flag and this question was probably intended to be tricky when it was crafted. Btw, the official documentation states that gcloud storage should be used with that flag, and for gsutil we should add the encryption key to the .boto file - https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#gsutil. Again, the questions are probably old and gcloud storage is relatively new.
https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#upload-encrypt this flag exist now
No, its wrong because the flag is for gcloud and not gsutil ... https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#gcloud
.boto file should be used to supply key
C - https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#console
A is correct. Link here: https://www.cloudskillsboost.google/focuses/19181?parent=catalog
A is the correct ans.
https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#command-line ; clearly states for gsutil you need a boto config, that makes C invalid
C - Answer gcloud storage cp SOURCE_DATA gs://BUCKET_NAME/OBJECT_NAME --encryption-key=YOUR_ENCRYPTION_KEY
gcloud storage is not gsutil.
A is ok
D - Correct gsutil mb -k < Key > gs://xx gsutil -m cp -r xx gs://xx
https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#upload-encrypt
https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys#command-line
The .boto file was indeed used for configuration in older versions of Google Cloud Storage, particularly with the gsutil tool. However, this method is now considered legacy and is not recommended for modern Google Cloud configurations. Option C is correct.
A is OK