Google Cloud Professional Data Engineer — Question 165

You are on the data governance team and are implementing security requirements to deploy resources. You need to ensure that resources are limited to only the europe-west3 region. You want to follow Google-recommended practices.

What should you do?

Answer options

• A. Set the constraints/gcp.resourceLocations organization policy constraint to in:europe-west3-locations.
• B. Deploy resources with Terraform and implement a variable validation rule to ensure that the region is set to the europe-west3 region for all resources.
• C. Set the constraints/gcp.resourceLocations organization policy constraint to in:eu-locations.
• D. Create a Cloud Function to monitor all resources created and automatically destroy the ones created outside the europe-west3 region.

Correct answer: A

Explanation

The correct answer is A because setting the constraints/gcp.resourceLocations organization policy constraint to in:europe-west3-locations directly restricts resource deployment to the specified region in line with Google-recommended practices. Option B is not sufficient as variable validation alone does not enforce policy at the organization level. Option C mistakenly includes a broader location that allows regions outside europe-west3, and option D, while monitoring resources, does not prevent the creation of resources outside the desired region initially.