This question is part of a case study (Case 16).
CASE STUDY: MediSecure
Overview: Telehealth provider, 1500 employees, $300M revenue. Core app on AWS, 3 acquired clinics on VMware, fragmented EHRs, Active Directory.
Business Req: Unify patient records, integrate clinics in 90 days, launch patient portal.
Execs: CEO wants rapid integration; CFO wants CapEx to OpEx; CISO demands strict HIPAA/GDPR compliance.
Tech Req: End-to-end PHI encryption, comprehensive audit logging, hybrid connectivity to clinics, DR (RPO 5m, RTO 1h).
Constraints: Clinics have low bandwidth, high staff turnover requires automated IAM, legacy EHRs cannot be modified immediately.
QUESTION:
To meet the 90-day integration timeline and address the low bandwidth at the clinics, how should you establish hybrid connectivity to GCP?
GCP PCA · Question 17 · Security Design
QUESTION:
To satisfy the CISO's requirement for strict HIPAA compliance and control over PHI encryption, which encryption strategy should you use for data at rest in Cloud Storage?
Answer options:
Google-Managed Encryption Keys (GMEK).
Customer-Managed Encryption Keys (CMEK) using Cloud KMS.
Customer-Supplied Encryption Keys (CSEK).
Client-side encryption using a custom Python script before uploading.
Practice the full GCP Professional Cloud Architect Practice Exam 5