Google Cloud Professional Cloud Security Engineer — Question 192

Your organization has a workload that is regulated by European laws. You must restrict the creation of resources outside of the EU for this specific workload. You must find an effective way to implement this security control without disrupting the other global applications. What should you do?

Answer options

• A. Create a Cloud Function triggered at asset creation that detects and deletes resources outside of the EU.
• B. Create all your workload’s assets in a regional subnet in the EU in one project or folder.
• C. Segment your workload in the EU in one project or folder by using VPC Service Controls.
• D. Implement an organization policy that only allows the EU as the location for your workload’s project or folder.

Correct answer: D

Explanation

The correct answer is D because implementing an organization policy restricts resource creation to the EU, ensuring compliance with European laws. Options A and C focus on managing resources after they are created, which may not be effective in preventing non-compliant resource creation. Option B does not enforce a restriction but rather suggests a method of organization without ensuring compliance.