Your organization has stored sensitive data in a Cloud Storage bucket. For regulatory reasons, your company must be able to rotate the encryption key used to encrypt the data in the bucket. The data will be processed in Dataproc. You want to follow Google-recommended practices for security. What should you do?

A、CreateakeywithCloudKeyManagementService(KMS).EncryptthedatausingtheencryptmethodofCloudKMS.
B、CreateakeywithCloudKeyManagementService(KMS).SettheencryptionkeyonthebuckettotheCloudKMSkey.
C、GenerateaGPGkeypair.EncryptthedatausingtheGPGkey.Uploadtheencrypteddatatothebucket.
D、GenerateanAES-256encryptionkey.Encryptthedatainthebucketusingthecustomer-suppliedencryptionkeysfeature.