ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 5: Managing Implementation and Ensuring Solution and Operations ReliabilityNetworkingCloud SQLSecurity
This question is part of a case study — click to read the full scenario(Case 16)

CASE STUDY: HealthSecure. 50M patient records. Legacy mainframe, on-prem SAN (100TB), .NET portal. Req: Modernize portal, secure hospital sharing, fast audits. CEO: Modern UX. CFO: Automate audits. CISO: Zero breaches. Tech: HIPAA, CMEK, audit logging, API gateway, DR (1h RPO/4h RTO). Constraints: No public DB IPs, Dev/Ops separation, US data only, mainframe stays on-prem via VPN.

To meet the 1-hour RPO and 4-hour RTO for the modernized portal database, which architecture should you implement?

View full case study page →

GCP PCA · Question 20 · Domain 5: Managing Implementation and Ensuring Solution and Operations Reliability

CASE STUDY: HealthSecure. 50M patient records. Legacy mainframe, on-prem SAN (100TB), .NET portal. Req: Modernize portal, secure hospital sharing, fast audits. CEO: Modern UX. CFO: Automate audits. CISO: Zero breaches. Tech: HIPAA, CMEK, audit logging, API gateway, DR (1h RPO/4h RTO). Constraints: No public DB IPs, Dev/Ops separation, US data only, mainframe stays on-prem via VPN.

How should you configure the database network to meet the constraint of 'No public DB IPs' while allowing the modernized portal to access it?

Answer options:

A.

Deploy Cloud SQL with a public IP and restrict access via Authorized Networks.

B.

Deploy Cloud SQL with a private IP only, using Private Services Access.

C.

Use Cloud SQL Proxy over the public internet.

D.

Place the database in a public subnet and use Cloud NAT.

How to approach this question

Identify how to deploy managed services privately in GCP.

Full Answer

B.Deploy Cloud SQL with a private IP only, using Private Services Access.✓ Correct
Private Services Access creates a VPC peering connection between your VPC and Google's managed VPC, allowing Cloud SQL to operate with only a private IP.

Common mistakes

Using Authorized Networks, which still requires a public IP.
19All questions21

Practice the full GCP Professional Cloud Architect Practice Exam 2

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...HardQ04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy
View all 50 questions →