GCP Professional Cloud Security Engineer Practice Question
An online banking platform subject to GDPR must process personal data exclusively within Germany. Their risk-analytics application requires 64 vCPUs, 512 GB of RAM, and must run on Google Confidential VMs for in-memory encryption. As the security engineer, which Compute Engine deployment best satisfies both the compliance mandate and the technical requirements while keeping management effort low?
Provision a GKE Autopilot cluster in europe-west3 with shielded nodes and auto-provisioned node pools.
Deploy the service on App Engine flexible environment in the europe-west EU multi-region and encrypt data at rest with customer-managed keys.
Create a Compute Engine n2d-highmem-64 Confidential VM in europe-west3 and enforce the gcp.resourceLocations organization policy to restrict all projects to that region.
Create a Compute Engine n2-highmem-64 Confidential VM in europe-west1 and protect the project with VPC Service Controls to prevent data egress.
Confidential VMs are only supported on N2D and C2D machine types. An n2d-highmem-64 instance provides 64 vCPUs and 512 GB of RAM and can run as a Confidential VM. Deploying it in europe-west3 (Frankfurt) ensures that processing remains within Germany, meeting the GDPR data-residency requirement. Adding the gcp.resourceLocations organization policy locks all resources to that region, reducing the risk of accidental deployment elsewhere and limiting ongoing administrative work.
The second option chooses europe-west1 (Belgium), so data could leave Germany and violate the residency mandate. The third option uses App Engine flexible in the EU multi-region, which replicates workloads across multiple EU countries and does not support Confidential VMs. The fourth option relies on GKE Autopilot, which currently does not offer Confidential VM nodes, so it cannot meet the in-memory encryption requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Google Confidential VMs and why are they used?
Open an interactive chat with Bash
What is the gcp.resourceLocations organization policy and how does it help secure data?
Open an interactive chat with Bash
Why are N2D and C2D machine types required for Confidential VMs?
Open an interactive chat with Bash
What are Google Confidential VMs?
Open an interactive chat with Bash
What is the gcp.resourceLocations organization policy?
Open an interactive chat with Bash
Why is GDPR compliance important in cloud environments?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Supporting compliance requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .