
Explanation:
The correct answer is A because it directly addresses both requirements: data residency (payloads only in europe-west1 and europe-west4) and high availability. User-managed replication policy allows explicit selection of specific regions for replication, ensuring secrets are stored only in the compliant locations while maintaining high availability across those regions. Option B is incorrect because automatic replication policy replicates secrets across all Google Cloud regions by default, violating data residency requirements. Option C is inefficient as it requires managing multiple secrets instead of a single secret with proper replication. Option D is insufficient because organizational policies can restrict secret creation but don't control where automatic replication stores payloads, which would still occur across all regions.
You need to ensure your Google Cloud Secret Manager secrets are highly available and store their payloads only in the europe-west1 and europe-west4 regions to meet data residency requirements. What should you do?
A. Create your secret with a user-managed replication policy, and choose only compliant locations.
B. Create your secret with an automatic replication policy, and choose only compliant locations.
C. Create two secrets by using Terraform, one in europe-west1 and the other in europe-west4.
D. Create your secret with an automatic replication policy, and create an organizational policy to deny secret creation in non-compliant locations.