Question 1

CASE STUDY: HealthData Inc

Overview:
Industry: Healthcare Analytics
Size: 1000 employees

Environment:
- Co-located data center
- Hadoop cluster
- SFTP servers
- 50 TB patient data

Requirements:
- ML models for diagnostics
- Secure data sharing portals
- Break data silos

Exec Statements:
- CEO: Need compute for ML.
- CRO: HIPAA compliance is top priority.
- CTO: Managed services needed to replace Hadoop.

Tech Reqs:
- Strict HIPAA compliance
- Automated PHI de-identification
- Comprehensive audit logging
- CMEK
- Network isolation (no public internet)

Constraints:
- US data sovereignty
- 7-year retention (immutable)
- Easy auditor access

QUESTION: How should you enforce the network isolation requirement to ensure that patient data in Cloud Storage and BigQuery cannot be accessed from the public internet?

Accepted Answer

Identify the GCP security feature designed to mitigate data exfiltration risks for managed services.

Question 2

What mistakes do candidates make on this GCP PCA question?

Accepted Answer

Confusing IAM (identity-based access) with VPC-SC (network-based access). IAM checks *who* you are; VPC-SC checks *where* you are coming from.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 6

More questions from this exam