exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam

Exam Professional Cloud Security Engineer topic 1 question 272 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 272
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You work for a global company. Due to compliance requirements, certain Compute Engine instances that reside within specific projects must be located exclusively in cloud regions within the European Union (EU). You need to ensure that existing non-compliant workloads are remediated and prevent future Compute Engine instances from being launched in restricted regions. What should you do?

  • A. Use a third-party configuration management tool to monitor the location of Compute Engine instances. Automatically delete or migrate non-compliant instances, including existing deployments.
  • B. Deploy a Security Command Center source to detect Compute Engine instances created outside the EU. Use a custom remediation function to automatically relocate the instances, run the function once a day.
  • C. Use organization policy constraints in Resource Manager to enforce allowed regions for Compute Engine instance creation within specific projects.
  • D. Set an organization policy that denies the creation of Compute Engine instances outside the EU. Apply the policy to the appropriate projects. Identify existing non-compliant instances and migrate the instances to compliant EU regions.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Pime13
4 months, 3 weeks ago
Selected Answer: D
https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations-supported-services#compute-engine For example, an instance template is a global resource, but you might specify regional or zonal disks in an instance template. Those disks are subject to the resource locations constraints, so, in your instance template, you must specify disks in regions and zones that your org policy permits.
upvoted 1 times
...
Zek
4 months, 3 weeks ago
Selected Answer: D
https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations-supported-services
upvoted 1 times
...
MoAk
5 months ago
Selected Answer: D
https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations-supported-services
upvoted 1 times
...
yokoyan
7 months, 3 weeks ago
Selected Answer: D
I think it's D.
upvoted 3 times
MoAk
5 months ago
https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations-supported-services
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago