Google Cloud Professional Cloud Security Engineer — Question 119
Your organization wants to be General Data Protection Regulation (GDPR) compliant. You want to ensure that your DevOps teams can only create Google Cloud resources in the Europe regions.
What should you do?
Answer options
- A. Use Identity-Aware Proxy (IAP) with Access Context Manager to restrict the location of Google Cloud resources.
- B. Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node.
- C. Use the org policy constraint 'Restrict Resource Service Usage' on your Google Cloud organization node.
- D. Use Identity and Access Management (IAM) custom roles to ensure that your DevOps team can only create resources in the Europe regions.
Correct answer: B
Explanation
The correct answer is B because the 'Google Cloud Platform – Resource Location Restriction' org policy constraint directly enforces location-based restrictions on resource creation. Option A focuses on access control, which does not limit where resources can be created. Option C restricts which services can be used but does not limit resource locations, and Option D does not provide a comprehensive mechanism for enforcing location restrictions at the organizational level.