This question is part of a case study (Case 16).
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
To meet the CRO's requirement for strict network isolation and prevent data exfiltration of sensitive patient records, which GCP security feature must be implemented?
GCP PCA · Question 19 · Business Requirements
QUESTION:
To enable interoperability with other healthcare providers using FHIR standards and prepare for future AI/ML image analysis, which GCP service should you recommend?
Answer options:
- Apigee API Management
- Cloud Healthcare API
- Cloud Spanner
- Dataproc