CASE STUDY: HealthCare360
Company Overview: HealthCare360 provides EHR systems to hospitals in NA and EU.
Current Environment: Isolated on-prem deployments. Fragmented data.
Business Requirements: Centralize EHR in cloud. Enable cross-hospital research. Ensure compliance.
Executive Statements: CEO: 'Transforming to SaaS.' CFO: 'Need cost attribution per tenant.' CSO: 'Zero compromise on HIPAA/GDPR.'
Technical Requirements: Multi-region active-active deployment. Microservices on GKE. End-to-end encryption (CMEK). Strict network perimeters.
Constraints: Zero data loss (RPO=0). RTO < 15 minutes. HIPAA (US) and GDPR (EU) compliance.
QUESTION:
To meet the requirement for a multi-region active-active deployment with an RPO of 0, which TWO database architectures could you use? (Select TWO)
GCP PCA · Question 17 · Compute Systems
CASE STUDY: HealthCare360
Company Overview: HealthCare360 provides EHR systems to hospitals in NA and EU.
Current Environment: Isolated on-prem deployments. Fragmented data.
Business Requirements: Centralize EHR in cloud. Enable cross-hospital research. Ensure compliance.
Executive Statements: CEO: 'Transforming to SaaS.' CFO: 'Need cost attribution per tenant.' CSO: 'Zero compromise on HIPAA/GDPR.'
Technical Requirements: Multi-region active-active deployment. Microservices on GKE. End-to-end encryption (CMEK). Strict network perimeters.
Constraints: Zero data loss (RPO=0). RTO < 15 minutes. HIPAA (US) and GDPR (EU) compliance.
QUESTION:
How should you configure the GKE clusters to ensure the highest level of network security and isolation for the microservices?
Answer options:
Deploy Public GKE clusters and use Node Service Accounts with broad permissions.
Deploy Private GKE clusters and use Workload Identity to grant microservices access to GCP APIs.
Deploy GKE clusters in the default VPC and export service account keys as Kubernetes Secrets.
Use Cloud Run instead of GKE to avoid managing network security.
50 questions · hints · full answers · grading
Expert