You’ve discovered that one of your Cloud KMS (Key Management Service) encryption keys used for CMEK (Customer-Managed Encryption Key) protection in Cloud Storage has been compromised . You now need to: Re-encrypt all data in Cloud Storage that was previously encrypted with the exposed key. Delete the compromised key after re-encryption. Ensure future objects are not accidentally stored without CMEK protection . What is the most appropriate and secure course of action?