Google Cloud Professional Cloud Security Engineer — Question 133

Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud. You must implement data residency and operational sovereignty in the EU.

What should you do? (Choose two.)

Answer options

• A. Limit the physical location of a new resource with the Organization Policy Service "resource locations constraint."
• B. Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and inter-VPC communication.
• C. Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications.
• D. Use identity federation to limit access to Google Cloud resources from non-EU entities.
• E. Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU.

Correct answer: A, C

Explanation

The correct answers are A and C because A ensures that resources are physically located within the EU, thus satisfying data residency requirements, while C restricts access based on personnel attributes, enhancing operational sovereignty. Options B, D, and E do not directly address the specific requirements of data residency and operational sovereignty as outlined by GDPR.