ExpertThis question is part of a case study — click to read the full scenario(Case 16)
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
To meet the CRO's requirement for strict network isolation and prevent data exfiltration of sensitive patient records, which GCP security feature must be implemented?
GCP PCA · Question 20 · Compute Systems
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
Given the constraint that the legacy .NET applications cannot be easily containerized, which compute architecture should you recommend for the migration?
CASE STUDY: HealthSecure
Company Overview:
HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data.
Current Technical Environment:
- Co-located data centers with strict physical security.
- Monolithic .NET applications running on Windows Server.
- Microsoft SQL Server databases.
- Custom-built video streaming solution for telemedicine.
Business Requirements:
- Migrate to the cloud to improve scalability during telemedicine surges.
- Maintain strict compliance with HIPAA and HITECH regulations.
- Enable interoperability with other healthcare providers using FHIR standards.
Executive Statements:
- CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand."
- Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us."
- CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future."
Technical Requirements:
- End-to-end encryption for all data at rest and in transit.
- Strict network isolation to prevent data exfiltration.
- Comprehensive audit logging of all data access.
- High availability across multiple regions.
Constraints:
- Must use Customer-Managed Encryption Keys (CMEK).
- Third-party auditors require detailed compliance reports.
- Legacy .NET applications cannot be easily containerized without refactoring.
QUESTION:
Given the constraint that the legacy .NET applications cannot be easily containerized, which compute architecture should you recommend for the migration?
Answer options:
Deploy the .NET applications to Google Kubernetes Engine (GKE) using Windows Server node pools.
Replatform the applications to Cloud Run.
Migrate the applications to Compute Engine Windows Server VMs managed by Managed Instance Groups (MIGs).
Use App Engine standard environment for .NET.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 7
50 questions · hints · full answers · grading