Google Cloud Professional Cloud Architect — Question 110

Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Google Kubernetes Engine (GKE) for workload orchestration. Parts of your architecture must also be PCI DSS-compliant. Which of the following is most accurate?

Answer options

• A. App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
• B. GKE cannot be used under PCI DSS because it is considered shared hosting.
• C. GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.
• D. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.

Correct answer: C

Explanation

The correct answer is C because GKE and GCP provide the necessary resources and tools to establish a PCI DSS-compliant infrastructure. Option A is incorrect as there are multiple GCP services that can be PCI DSS certified. Option B is wrong because GKE can be configured to meet PCI compliance requirements. Option D is misleading since not all services automatically guarantee PCI compliance without proper configuration.