Answer-first summary for fast verification
Answer: Use features like customer-managed encryption keys (CMEK), VPC Service Controls, and Identity and Access Management (IAM) policies.
To address the requirements of data residency, encryption key control, and access governance, the most comprehensive solution is to utilize Google Cloud's features designed for these purposes. Option D suggests using customer-managed encryption keys (CMEK) for controlling where encryption keys are stored, VPC Service Controls to configure where data is stored by restricting access to specific locations, and Identity and Access Management (IAM) policies to govern access to data. This approach directly addresses all three requirements without the need for complex application changes or compromising on data residency requirements by keeping data on-premises. Options A, B, and C either partially address the requirements or introduce unnecessary complexity and limitations.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How can you configure Cloud SQL for PostgreSQL to meet data residency requirements by managing data storage locations, encryption key locations, and data access controls when migrating on-premises PostgreSQL instances?
A
Replicate Cloud SQL databases across different zones.
B
Create a Cloud SQL for PostgreSQL instance on Google Cloud for the data that does not need to adhere to data residency requirements. Keep the data that must adhere to data residency requirements on-premises. Make application changes to support both databases.
C
Allow application access to data only if the users are in the same region as the Google Cloud region for the Cloud SQL for PostgreSQL database.
D
Use features like customer-managed encryption keys (CMEK), VPC Service Controls, and Identity and Access Management (IAM) policies.