Google Cloud Professional Cloud Database Engineer — Question 29

You are evaluating Cloud SQL for PostgreSQL as a possible destination for your on-premises PostgreSQL instances. Geography is becoming increasingly relevant to customer privacy worldwide. Your solution must support data residency requirements and include a strategy to: configure where data is stored control where the encryption keys are stored govern the access to data
What should you do?

Answer options

• A. Replicate Cloud SQL databases across different zones.
• B. Create a Cloud SQL for PostgreSQL instance on Google Cloud for the data that does not need to adhere to data residency requirements. Keep the data that must adhere to data residency requirements on-premises. Make application changes to support both databases.
• C. Allow application access to data only if the users are in the same region as the Google Cloud region for the Cloud SQL for PostgreSQL database.
• D. Use features like customer-managed encryption keys (CMEK), VPC Service Controls, and Identity and Access Management (IAM) policies.

Correct answer: D

Explanation

The correct option, D, outlines the use of essential tools and policies that help ensure compliance with data residency requirements, such as managing encryption keys and governing access. Options A and B do not adequately address the need for control over encryption and access, while option C only restricts access based on geographic location, which is insufficient for comprehensive governance.