Google Cloud Professional Cloud Security Engineer Practice Exam

How can an organization ensure that customer data at rest adheres to specific geographic boundaries on Google Cloud?

• A. Using Data Loss Prevention services
• B. Implementing Organization Policy Service constraints
• C. Configuring Cloud Storage locations
• D. Utilizing Compute Engine geographic zones

The correct answer is: Implementing Organization Policy Service constraints

To ensure that customer data at rest adheres to specific geographic boundaries on Google Cloud, implementing Organization Policy Service constraints is the most effective method. This approach allows organizations to set policies that enforce where resources can be created and how data can be stored across different regions. By defining geographic boundaries through policy constraints, organizations can restrict the locations where data can reside, thereby ensuring compliance with regulatory requirements or internal governance. For instance, an organization might specify that certain data types must only be stored in specific geographic locations (such as within a particular country or region). The Organization Policy Service enables centralized management of these policies across projects, providing streamlined control over resource placement. While other options may support broader data management practices, they do not directly address the enforcement of geographic boundaries for data at rest. Utilizing Data Loss Prevention services focuses on identifying and protecting sensitive information rather than enforcing location-based policies. Configuring Cloud Storage locations does allow organizations to choose where data is stored, but without organization-wide policies, individual configurations may not guarantee compliance across all data sets. Utilizing Compute Engine geographic zones pertains more to compute resource placement rather than storage of data, which is not relevant to the question about data at rest.