CASE STUDY: HealthSecure. 50M patient records. Legacy mainframe, on-prem SAN (100TB), .NET portal. Req: Modernize portal, secure hospital sharing, fast audits. CEO: Modern UX. CFO: Automate audits. CISO: Zero breaches. Tech: HIPAA, CMEK, audit logging, API gateway, DR (1h RPO/4h RTO). Constraints: No public DB IPs, Dev/Ops separation, US data only, mainframe stays on-prem via VPN.
To meet the 1-hour RPO and 4-hour RTO for the modernized portal database, which architecture should you implement?
GCP PCA · Question 20 · Domain 5: Managing Implementation and Ensuring Solution and Operations Reliability
How should you configure the database network to meet the constraint of 'No public DB IPs' while allowing the modernized portal to access it?
Answer options:
Deploy Cloud SQL with a public IP and restrict access via Authorized Networks.
Deploy Cloud SQL with a private IP only, using Private Services Access.
Use Cloud SQL Proxy over the public internet.
Place the database in a public subnet and use Cloud NAT.