ExpertThis question is part of a case study — click to read the full scenario(Case 16)
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
To meet the CRO's requirement for strict network isolation and prevent data exfiltration of sensitive patient records, which GCP security feature must be implemented?
GCP PCA · Question 18 · Compliance Design
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
To meet the requirement for comprehensive audit logging of all data access for third-party auditors, what must you configure?
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
To meet the requirement for comprehensive audit logging of all data access for third-party auditors, what must you configure?
Answer options:
Admin Activity audit logs are enabled by default and provide sufficient detail for data access.
Enable Data Access audit logs for all relevant GCP services in Cloud Audit Logs.
Install the Ops Agent on all VMs to capture application logs and export them to BigQuery.
Use VPC Flow Logs to track all IP addresses accessing the database.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 7
50 questions · hints · full answers · grading