Answer-first summary for fast verification
Answer: Create your secret with a user managed replication policy, and choose only compliant locations.
The correct answer is A because it directly addresses both requirements: data residency (payloads only in europe-west1 and europe-west4) and high availability. User-managed replication policy allows explicit selection of specific regions for replication, ensuring secrets are stored only in the compliant locations while maintaining high availability across those regions. Option B is incorrect because automatic replication policy replicates secrets across all Google Cloud regions by default, violating data residency requirements. Option C is inefficient as it requires managing multiple secrets instead of a single secret with proper replication. Option D is insufficient because organizational policies can restrict secret creation but don't control where automatic replication stores payloads, which would still occur across all regions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to ensure your Google Cloud Secret Manager secrets are highly available and store their payloads only in the europe-west1 and europe-west4 regions to meet data residency requirements. What should you do?
A
Create your secret with a user managed replication policy, and choose only compliant locations.
B
Create your secret with an automatic replication policy, and choose only compliant locations.
C
Create two secrets by using Terraform, one in europe-west1 and the other in europe-west4.
D
Create your secret with an automatic replication policy, and create an organizational policy to deny secret creation in non-compliant locations.
No comments yet.