Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Set an organization policy that denies the creation of Compute Engine instances outside the EU. Apply the policy to the appropriate projects. Identify existing non-compliant instances and migrate the instances to compliant EU regions.

Option D is the correct answer because it comprehensively addresses both requirements: preventing future non-compliant Compute Engine instance creation using organization policies and remediating existing non-compliant instances through migration. Organization policies are the native Google Cloud mechanism for enforcing location constraints, as documented in Google's resource location constraints documentation. The community discussion unanimously supports D with 100% consensus and references to official Google documentation. Option A uses third-party tools unnecessarily when native Google Cloud solutions exist. Option B relies on Security Command Center detection with delayed remediation (once daily), which doesn't provide real-time prevention. Option C only prevents future creation but doesn't address existing non-compliant instances, failing the remediation requirement.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

You have a global company with compliance requirements mandating that specific Compute Engine instances in certain projects must only be located within EU cloud regions. You need to remediate existing non-compliant workloads and prevent the future creation of Compute Engine instances in restricted regions. What should you do?

Exam-Like

Use a third-party configuration management tool to monitor the location of Compute Engine instances. Automatically delete or migrate non-compliant instances, including existing deployments.

Deploy a Security Command Center source to detect Compute Engine instances created outside the EU. Use a custom remediation function to automatically relocate the instances, run the function once a day.

Use organization policy constraints in Resource Manager to enforce allowed regions for Compute Engine instance creation within specific projects.

Set an organization policy that denies the creation of Compute Engine instances outside the EU. Apply the policy to the appropriate projects. Identify existing non-compliant instances and migrate the instances to compliant EU regions.