Hard · 1 mark · Multiple Choice
Subtask 3.2: Compliance Design · Organization Policy · Data Residency · Compliance · Security

GCP PCA · Question 27 · Compliance Design

A European healthcare company is migrating to GCP. Due to strict data sovereignty laws, no data or compute resources can be deployed outside of the europe-west3 (Frankfurt) region. You need to ensure that developers cannot accidentally spin up resources in US or Asian regions. What is the most robust way to enforce this?

Answer options:

A.

Remove IAM permissions for all regions except europe-west3 for all developers.

B.

Configure an Organization Policy with the 'Resource Location Restriction' constraint set to allow only europe-west3.

C.

Set up a Cloud Monitoring alert to notify the security team if a resource is created outside of europe-west3.

D.

Use VPC Service Controls to block network traffic from outside of Europe.

How to approach this question

Identify the GCP feature used for setting organizational guardrails and restrictions (Organization Policies).

Full Answer

B. Configure an Organization Policy with the 'Resource Location Restriction' constraint set to allow only europe-west3. ✓ Correct
The Organization Policy Service gives centralized control over every resource in your resource hierarchy. Setting the Resource Location Restriction constraint (`constraints/gcp.resourceLocations`) at the organization or folder level, with its allowed values limited to europe-west3 (or the value group `in:europe-west3-locations`, which covers the region and its zones), creates a hard boundary that every project beneath it inherits: the API rejects any request to create a supported resource outside europe-west3, even from a user who holds the Owner role on the project, because organization policies are evaluated in addition to IAM permissions, not instead of them. Two caveats matter in practice: the constraint is enforced only for services that support location restriction, so check the supported-services list before relying on it alone, and it blocks only new resources, so anything created outside the region before the policy was set has to be found and cleaned up separately.
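As an added illustration (not from the original exam page), the policy file below is the form `gcloud org-policies set-policy` accepts for this constraint. The organization ID `123456789012` is a placeholder; the value group `in:europe-west3-locations` restricts creation to the europe-west3 region and its zones.

```yaml
# Added example, not part of the original page.
# Apply with:  gcloud org-policies set-policy policy.yaml
# Verify with: gcloud org-policies describe gcp.resourceLocations \
#                --organization=123456789012 --effective
# The organization ID below is a placeholder; substitute your own.
name: organizations/123456789012/policies/gcp.resourceLocations
spec:
  rules:
    - values:
        # Only europe-west3 and its zones are allowed. Everything else,
        # including all US and Asian regions, is denied at the API layer.
        allowedValues:
          - in:europe-west3-locations
```

Because the policy is set on the organization node, it is inherited by every folder and project underneath it. After applying it, the `describe --effective` command run against a child project should show the same single allowed value; if a project reports anything broader, someone with the Organization Policy Administrator role has overridden the policy lower in the hierarchy, which is why that role should be granted only at the organization level and to a small, audited group.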

Common mistakes

Confusing IAM with Organization Policies. IAM is 'Who can do What'; Org Policies are 'What can be done Where/How'. Option A fails because most IAM permissions are not scoped by region, so there is no clean way to grant compute.instances.create for one region and deny it for another. Option C only detects a violation after the data has already left Frankfurt, which does not satisfy a sovereignty requirement. Option D misreads VPC Service Controls: a service perimeter governs which identities and networks can call Google APIs for a set of projects, not where the resources those APIs create are located.

Practice the full GCP Professional Cloud Architect Practice Exam 7