A multinational healthcare provider plans to build a new analytics platform on Google Cloud that will process sensitive personal health data of EU residents. Regulations state that all data and Google support operations must remain within EU boundaries. The company also wants to avoid writing and maintaining custom organization-policy code. What is the most appropriate way to meet these requirements?
Apply a gcp.resourceLocations organization policy restricting resources to EU zones and enable Cloud DLP to protect sensitive data.
Create the project inside an Assured Workloads folder that uses the "EU Regions and Support" compliance regime; deploy all BigQuery and Cloud Storage resources only in EU regions.
Create the project in a standard folder, store data in an EU multiregional Cloud Storage bucket, and use Cloud Armor to block non-EU IP ranges from accessing the project.
Use VPC Service Controls to isolate the project perimeter and configure customer-managed encryption keys (CMEK) stored in an EU Cloud KMS key ring.
Creating the project inside an Assured Workloads environment that is configured for the "EU Regions and Support" compliance regime automatically enforces an organization policy that limits resource locations to EU regions and restricts Google personnel who can access the environment to EU locations. Because the Assured Workloads service manages and updates the underlying policies, the customer avoids the operational burden of manually maintaining custom organization constraints. Simply setting gcp.resourceLocations, using VPC Service Controls, or relying on CMEK and IP filtering do not provide the guarantee that Google support staff will be EU-based, nor do they automatically maintain the required constraints across all resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Assured Workloads in Google Cloud?
Open an interactive chat with Bash
What is the 'EU Regions and Support' compliance regime?
Open an interactive chat with Bash
How does Assured Workloads differ from using custom organization policies?
Open an interactive chat with Bash
What are Assured Workloads in Google Cloud?
Open an interactive chat with Bash
What is the 'EU Regions and Support' compliance regime?
Open an interactive chat with Bash
Why can't VPC Service Controls or customer-managed encryption keys meet the requirements in this scenario?
Open an interactive chat with Bash
GCP Professional Data Engineer
Designing data processing systems
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .