Hard · 1 mark · Multiple Choice
Subtask 3.2: Compliance Design · Security · PCI-DSS · VPC Service Controls · Case Study
This question is part of a case study (Case 06).

CASE STUDY: ShopGlobal
Overview: Retailer, 2000 employees, $500M revenue. US-Central co-lo, Java/Tomcat monolith, Oracle RAC 20TB, batch inventory sync.
Business Req: Handle 10x Black Friday spikes, personalized recommendations, modernize to microservices.
Execs: CEO wants omnichannel; CFO needs predictable spend; CTO demands zero downtime cutover.
Tech Req: PCI-DSS compliance, automated image processing, real-time inventory, CI/CD.
Constraints: Complex Oracle stored procedures, team learning containers, strict bi-annual audits.

QUESTION:
Which compute platform should you recommend for the modernized microservices architecture, considering the team is just learning containers?

GCP PCA · Question 08 · Compliance Design

QUESTION:
To meet the strict PCI-DSS compliance requirements and prepare for bi-annual audits, which security architecture should you implement?

Answer options:

A. Place all microservices in a single flat network and rely on IAM for access control.

B. Isolate the payment environment in a separate VPC, use VPC Service Controls, and enable Cloud Audit Logs.

C. Use Cloud VPN to route all payment traffic back to the on-premises data center for processing.

D. Encrypt all data with Google-managed keys and disable external IP addresses on all VMs.

How to approach this question

Identify the combination of network segmentation, data protection, and auditing.

Full Answer

B. Isolate the payment environment in a separate VPC, use VPC Service Controls, and enable Cloud Audit Logs. ✓ Correct
PCI-DSS requires isolating the Cardholder Data Environment (CDE). A separate VPC provides network isolation. VPC Service Controls prevents data exfiltration from managed services. Cloud Audit Logs provide the necessary trails for the bi-annual audits.

Common mistakes

Relying solely on IAM (A) without network-level segmentation.
