ExpertThis question is part of a case study — click to read the full scenario(Case 11)
CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
- CEO: "Trust is our product. Zero tolerance for breaches."
- CFO: "Storage costs growing exponentially. Need lifecycle management."
- CISO: "Zero-trust architecture, end-to-end encryption."
Tech: RPO 15m, RTO 2h for core DB. All data CMEK encrypted. Strict access controls, audit logging. Prevent data exfiltration.
Constraints: Images retained 7 years but rarely accessed after 90 days. Researchers use external identities. No public IPs on compute.
How should you design the network security architecture to prevent data exfiltration, even if an employee's credentials are compromised?
GCP PCA · Question 14 · Domain 4: Analyzing and Optimizing Technical and Business Processes
CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
- CEO: "Trust is our product. Zero tolerance for breaches."
- CFO: "Storage costs growing exponentially. Need lifecycle management."
- CISO: "Zero-trust architecture, end-to-end encryption."
Tech: RPO 15m, RTO 2h for core DB. All data CMEK encrypted. Strict access controls, audit logging. Prevent data exfiltration.
Constraints: Images retained 7 years but rarely accessed after 90 days. Researchers use external identities. No public IPs on compute.
Which disaster recovery architecture should you design for the core database to meet the RPO of 15 minutes and RTO of 2 hours?
CASE STUDY: HealthData Corp
Overview: Healthcare SaaS managing 10PB of sensitive patient records and imaging.
Business: Strict HIPAA/SOC 2 compliance, ransomware protection, secure sharing of anonymized data with researchers, robust DR.
Executives:
- CEO: "Trust is our product. Zero tolerance for breaches."
- CFO: "Storage costs growing exponentially. Need lifecycle management."
- CISO: "Zero-trust architecture, end-to-end encryption."
Tech: RPO 15m, RTO 2h for core DB. All data CMEK encrypted. Strict access controls, audit logging. Prevent data exfiltration.
Constraints: Images retained 7 years but rarely accessed after 90 days. Researchers use external identities. No public IPs on compute.
Which disaster recovery architecture should you design for the core database to meet the RPO of 15 minutes and RTO of 2 hours?
Answer options:
Take daily automated backups of the database and store them in a multi-region Cloud Storage bucket.
Deploy Cloud SQL for PostgreSQL with Cross-Region Read Replicas. In a disaster, promote the replica to primary.
Use Cloud Spanner in a single-region configuration.
Export the database to BigQuery every 15 minutes.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 4
50 questions · hints · full answers · grading