Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud. You must implement data residency and operational sovereignty in the EU.
What should you do? (Choose two.)
A.
Limit the physical location of a new resource with the Organization Policy Service "resource locations constraint."
B.
Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and inter-VPC communication.
C.
Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications.
D.
Use identity federation to limit access to Google Cloud resources from non-EU entities.
E.
Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU.
D: Identity federation allows you to integrate your existing identity provider (IdP) with Google Cloud. This enables users to access Google Cloud resources using their existing credentials from the IdP, ideally located within the EU. By configuring access controls within your IdP, you can restrict access to Google Cloud resources from non-EU entities.
Why not C?:
Doesn't address data location.
Doesn't restrict access from non-EU entities.
Isn't a data residency measure.
Isn't an operational sovereignty measure.
To be compliant with GDPR on Google Cloud and implement data residency and operational sovereignty in the EU, you can take the following two actions:
A. Limit the physical location of a new resource with the Organization Policy Service "resource locations constraint."
This will restrict the locations where resources in your Google Cloud organization can be deployed. You can configure this to only allow EU locations, ensuring that data remains within the EU.
C. Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications.
This can help you enforce operational sovereignty by controlling who has access to your data. Key Access Justifications can help you restrict Google personnel access based on certain attributes like geographic location, ensuring that only personnel based in the EU can access the data.
The correct answers are A and C.
A. Limit the physical location of a new resource with the Organization Policy Service "resource locations constraint." This will ensure that all new resources are created in the EU, which is required for data residency compliance with GDPR.
C. Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications. This will help to ensure that only Google personnel who are authorized to access EU data are able to do so.
C is incorrect. Key Access Justifications can be used to limit access to specific keys, but they do not prevent Google personnel from accessing other data in your Google Cloud environment.
A and D are the right answers, imo
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Andrei_Z
Highly Voted 1 year, 1 month agoPotatoe2023
Most Recent 5 months, 4 weeks agoBettoxicity
6 months, 3 weeks agoArizonaClassics
1 year, 1 month agoArizonaClassics
1 year, 1 month agoGCBC
1 year, 1 month agocyberpunk21
1 year, 2 months agoITIFR78
1 year, 2 months agopfilourenco
1 year, 2 months agoarpgaur
1 year, 2 months ago