This question is part of a case study (Case 06).
CASE STUDY: TrendWear Apparel
Company Overview:
TrendWear Apparel is a global clothing retailer with an e-commerce platform and 500 physical stores.
Current Technical Environment:
- On-premises VMware environment
- Legacy IBM Mainframe for core inventory management
- Monolithic e-commerce application running on VMs
Business Requirements:
- Modernize the e-commerce platform to handle Black Friday (10x normal traffic)
- Unify online and in-store inventory data in real-time
- Avoid major capital expenditure (CapEx) for data center refreshes
Executive Statements:
- CEO: "We need an omnichannel experience. Customers should see accurate store inventory online."
- CFO: "We must shift from CapEx to OpEx. No more buying hardware."
- CTO: "We want to move to microservices, but we cannot retire the mainframe for at least 3 years due to complex legacy dependencies."
Technical Requirements:
- Hybrid architecture connecting GCP and on-premises
- Microservices architecture for the new e-commerce platform
- PCI-DSS compliance for all payment processing
- Consistent management plane across on-prem and cloud
Constraints:
- Mainframe must remain on-premises
- E-commerce migration must be completed before the next holiday season (8 months)
QUESTION:
Based on the CTO's requirement for a consistent management plane across on-premises and the cloud, and the need to modernize to microservices while keeping the mainframe, which compute architecture should you recommend?
GCP PCA · Question 09 · Domain 4: Analyzing and Optimizing Technical and Business Processes
QUESTION:
To ensure the security of the new microservices, the CTO wants to guarantee that only container images built by the official CI/CD pipeline and scanned for vulnerabilities can be deployed to GKE. How should you implement this?
Answer options:
- Use Cloud Build to create images, store them in Artifact Registry, and use Binary Authorization to enforce deployment policies on GKE.
- Store images in Container Registry and configure IAM permissions so only the Cloud Build service account can push to GKE.
- Use Security Command Center to scan running containers and automatically delete any that have vulnerabilities.
- Implement a Kubernetes Mutating Admission Webhook to inject security sidecars into every pod.