Answer-first summary for fast verification
Answer: Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node.
Option B is the correct answer because the 'Google Cloud Platform – Resource Location Restriction' organization policy constraint directly enforces geographic restrictions on where resources can be created across the entire organization, which aligns with GDPR compliance requirements for data residency in Europe. This provides a centralized, enforceable control mechanism. Option A (IAP with Access Context Manager) focuses on access control based on user context rather than resource location restrictions. Option C ('Restrict Resource Service Usage') controls which services can be used, not where resources are located. Option D (IAM custom roles) manages permissions but cannot enforce geographic location restrictions for resource creation, as IAM controls what actions users can perform, not where those actions can be executed.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization is pursuing GDPR compliance and needs to ensure DevOps teams can only provision Google Cloud resources within Europe regions. What should you do?
A
Use Identity-Aware Proxy (IAP) with Access Context Manager to restrict the location of Google Cloud resources.
B
Use the org policy constraint 'Google Cloud Platform – Resource Location Restriction' on your Google Cloud organization node.
C
Use the org policy constraint 'Restrict Resource Service Usage' on your Google Cloud organization node.
D
Use Identity and Access Management (IAM) custom roles to ensure that your DevOps team can only create resources in the Europe regions.
No comments yet.