ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 229 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 229
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your organization wants to be General Data Protection Regulation (GDPR) compliant. You want to ensure that your DevOps teams can only create Google Cloud resources in the Europe regions.

What should you do?

  • A. Use Identity-Aware Proxy (IAP) with Access Context Manager to restrict the location of Google Cloud resources.
  • B. Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node.
  • C. Use the org policy constraint 'Restrict Resource Service Usage' on your Google Cloud organization node.
  • D. Use Identity and Access Management (IAM) custom roles to ensure that your DevOps team can only create resources in the Europe regions.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ppandher at Aug. 3, 2023, 2:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mjcts
8 months, 3 weeks ago
Selected Answer: B
B. Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node.
upvoted 1 times
...
b6f53d8
9 months ago
Selected Answer: B
good answer,
upvoted 1 times
...
ssk119
9 months, 2 weeks ago
I will go with A; since requirement for access to devops only is met through IAP and Access context manager ensures jurisdictional requirements around data.
upvoted 1 times
...
pradoUA
1 year, 1 month ago
Selected Answer: B
B. Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node.
upvoted 1 times
...
pfilourenco
1 year, 2 months ago
Selected Answer: B
B is the correct.
upvoted 2 times
...
Mithung30
1 year, 2 months ago
Correct answer is B https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations
upvoted 1 times
...
ppandher
1 year, 2 months ago
B. Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node: This policy constraint allows you to restrict the regions where Google Cloud resources can be created within your organization. By setting this constraint, you can ensure that resources are only deployed in the Europe regions, aligning with GDPR requirements for data processing and storage.
upvoted 3 times
Yohanes411
1 year ago
Wouldn't that affect everyone under the organization? The location restriction is supposed to be applied only to the devops team and I imagine there are other teams/groups within the organization as well.
upvoted 2 times
ppandher
1 year ago
Should be D ?
upvoted 1 times
...
ppandher
1 year ago
I think While custom IAM roles can control permissions within projects, they do not inherently enforce geographic location restrictions on resource creation. Your thoughts ?
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago