ExpertThis question is part of a case study — click to read the full scenario(Case 11)
CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
- CEO: "Trust is our product. Zero tolerance for breaches."
- CFO: "Storage costs growing exponentially. Need lifecycle management."
- CISO: "Zero-trust architecture, end-to-end encryption."
Tech: RPO 15m, RTO 2h for core DB. All data CMEK encrypted. Strict access controls, audit logging. Prevent data exfiltration.
Constraints: Images retained 7 years but rarely accessed after 90 days. Researchers use external identities. No public IPs on compute.
How should you design the network security architecture to prevent data exfiltration, even if an employee's credentials are compromised?
GCP PCA · Question 13 · Domain 2: Managing and Provisioning a Solution Infrastructure
CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
- CEO: "Trust is our product. Zero tolerance for breaches."
- CFO: "Storage costs growing exponentially. Need lifecycle management."
- CISO: "Zero-trust architecture, end-to-end encryption."
Tech: RPO 15m, RTO 2h for core DB. All data CMEK encrypted. Strict access controls, audit logging. Prevent data exfiltration.
Constraints: Images retained 7 years but rarely accessed after 90 days. Researchers use external identities. No public IPs on compute.
To address the CFO's cost concerns and the ransomware protection requirement, how should you configure the Cloud Storage buckets for medical imaging?
CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
- CEO: "Trust is our product. Zero tolerance for breaches."
- CFO: "Storage costs growing exponentially. Need lifecycle management."
- CISO: "Zero-trust architecture, end-to-end encryption."
Tech: RPO 15m, RTO 2h for core DB. All data CMEK encrypted. Strict access controls, audit logging. Prevent data exfiltration.
Constraints: Images retained 7 years but rarely accessed after 90 days. Researchers use external identities. No public IPs on compute.
To address the CFO's cost concerns and the ransomware protection requirement, how should you configure the Cloud Storage buckets for medical imaging?
Answer options:
Use Standard Storage for all 7 years to ensure fast access, and take daily snapshots of the bucket.
Enable Object Versioning for ransomware protection, and create a Lifecycle Rule to move objects to Archive storage after 90 days.
Store all data in Coldline storage immediately, and use Bucket Lock to prevent deletion.
Use Persistent Disks attached to Compute Engine instances and use snapshot schedules.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 4
50 questions · hints · full answers · grading