Answer: Limit the physical location of a new resource with the Organization Policy Service "resource locations constraint.", Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications.

The question requires selecting two actions to implement GDPR compliance focusing on data residency and operational sovereignty in the EU. Option A (Organization Policy Service 'resource locations constraint') directly addresses data residency by restricting resource deployment to EU locations, ensuring data remains within the EU. Option C (Key Access Justifications) supports operational sovereignty by limiting Google personnel access based on attributes like citizenship or geographic location, aligning with GDPR's requirement to control data access. While Option D (identity federation) could help restrict access from non-EU entities, it is less directly tied to data residency and operational sovereignty compared to A and C. Options B and E (Cloud IDS and VPC Flow Logs) focus on traffic monitoring, which does not inherently enforce data residency or sovereignty. The community discussion, with 89% consensus and upvoted comments, strongly supports A and C, citing Google documentation on data residency and sovereignty frameworks.

Author: LeetQuiz Editorial Team