CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
How should you design the network security architecture to prevent data exfiltration, even if an employee's credentials are compromised?
GCP PCA · Question 12 · Domain 3: Designing for Security and Compliance
How should you configure access for the external medical researchers to securely analyze the anonymized data?
Answer options:
Create Google Workspace accounts for all researchers and enforce MFA.
Generate long-lived Service Account JSON keys and email them securely to the researchers.
Use Workload Identity Federation to allow researchers to authenticate using their external Identity Provider (IdP) without creating Google Workspace accounts.
Make the Cloud Storage bucket containing anonymized data public, but use an unguessable URL.