Medium · 1 mark · Multiple Choice
Subtask 3.1: Security Design · IAM · Active Directory · GCDS · Case Study
This question is part of a case study (Case 16).

GCP PCA · Question 19 · Security Design

CASE STUDY: MediSecure
Overview: Telehealth provider, 1500 employees, $300M revenue. Core app on AWS, 3 acquired clinics on VMware, fragmented EHRs, Active Directory.
Business Req: Unify patient records, integrate clinics in 90 days, launch patient portal.
Execs: CEO wants rapid integration; CFO wants CapEx to OpEx; CISO demands strict HIPAA/GDPR compliance.
Tech Req: End-to-end PHI encryption, comprehensive audit logging, hybrid connectivity to clinics, DR (RPO 5m, RTO 1h).
Constraints: Clinics have low bandwidth, high staff turnover requires automated IAM, legacy EHRs cannot be modified immediately.

QUESTION:
How should you address the constraint of high staff turnover and the need for automated IAM provisioning?

Answer options:

A. Create local IAM users in GCP manually when a new employee joins.

B. Federate Google Cloud Identity with the existing on-premises Active Directory using Google Cloud Directory Sync (GCDS).

C. Use Workload Identity to map Kubernetes service accounts to IAM roles.

D. Implement Identity-Aware Proxy (IAP) to bypass IAM authentication.

How to approach this question

Identify the tool used to sync on-premises identities to Google Cloud.

Full Answer

B. Federate Google Cloud Identity with the existing on-premises Active Directory using Google Cloud Directory Sync (GCDS). ✓ Correct
Google Cloud Directory Sync (GCDS) performs a scheduled, one-way sync from the existing Active Directory (read over LDAP) into Cloud Identity: users and groups are created, updated, suspended or deleted in Cloud Identity to match AD, and nothing is ever written back to AD. HR/IT therefore manages identities in one place. When a staff member leaves, disabling or deleting the account in AD propagates at the next sync run, which suspends (or, if so configured, deletes) the Cloud Identity account and with it all GCP access, so the high-turnover constraint is met without any manual work in GCP.

Two practical points. GCDS handles provisioning, not authentication: to keep AD authoritative for sign-in as well, pair it with SAML single sign-on against AD FS (or another IdP), so a disabled AD account cannot open a new Google session even before the next sync run. And grant IAM roles to the synced groups rather than to individual users, so a change of AD group membership is enough to grant or revoke GCP permissions.
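To make the mechanism concrete, here is an added Python example (not code from the exam page, and not part of GCDS, which is a Java tool configured through its Configuration Manager). It models the one-way AD-to-Cloud-Identity reconciliation described above, including the leaver and re-enabled-account cases, and adds the policy check a reviewer would run for roles bound directly to users instead of synced groups. The users, the domain medisecure.example and the IAM policy are constructed sample data.

```python
"""Model of the one-way AD -> Cloud Identity sync that GCDS performs, plus an IAM
policy check for role bindings that bypass synced groups.

Added example for this answer; it is not code from the exam page and not part of
Google Cloud Directory Sync. It only reproduces the reconciliation semantics that
make AD the single source of truth. All users, the domain medisecure.example and
the IAM policy below are constructed sample data.
"""
from dataclasses import dataclass

# Bit in AD's userAccountControl attribute that marks a disabled account.
ACCOUNTDISABLE = 0x2
NORMAL_ACCOUNT = 0x200


@dataclass(frozen=True)
class AdUser:
    sam_account_name: str
    mail: str
    user_account_control: int


@dataclass(frozen=True)
class CloudIdentityUser:
    email: str
    suspended: bool = False


def plan_sync(ad_users, ci_users, delete_missing=False):
    """Return the (action, email) steps a GCDS-style run would apply to Cloud Identity.

    Rules: enabled in AD and absent in Cloud Identity -> create; disabled in AD ->
    suspend; re-enabled in AD -> unsuspend; gone from AD -> suspend, or delete when
    delete_missing is set. Nothing is ever written back to AD. Matching is by
    e-mail address, case-insensitively.
    """
    ad_by_mail = {u.mail.lower(): u for u in ad_users}
    ci_by_mail = {u.email.lower(): u for u in ci_users}
    actions = []
    for mail, ad in ad_by_mail.items():
        disabled = bool(ad.user_account_control & ACCOUNTDISABLE)
        ci = ci_by_mail.get(mail)
        if ci is None:
            if not disabled:
                actions.append(("create", mail))
        elif disabled and not ci.suspended:
            actions.append(("suspend", mail))
        elif not disabled and ci.suspended:
            actions.append(("unsuspend", mail))
    for mail, ci in ci_by_mail.items():
        if mail in ad_by_mail:
            continue
        # A leaver removed from AD must never keep an active Google account.
        if delete_missing:
            actions.append(("delete", mail))
        elif not ci.suspended:
            actions.append(("suspend", mail))
    return actions


def direct_user_bindings(policy):
    """Return (role, member) pairs granted to individual user: principals.

    With AD as the source of truth, roles should be bound to synced group:
    principals so that an AD group-membership change alone changes GCP access.
    """
    return [
        (binding["role"], member)
        for binding in policy["bindings"]
        for member in binding["members"]
        if member.startswith("user:")
    ]


# Constructed snapshots: carol is a new hire, bob was disabled in AD today, dave was
# removed from AD last week but still has an active Cloud Identity account.
AD_USERS = [
    AdUser("alice", "alice@medisecure.example", NORMAL_ACCOUNT),
    AdUser("bob", "Bob@medisecure.example", NORMAL_ACCOUNT | ACCOUNTDISABLE),
    AdUser("carol", "carol@medisecure.example", NORMAL_ACCOUNT),
]
CI_USERS = [
    CloudIdentityUser("alice@medisecure.example"),
    CloudIdentityUser("bob@medisecure.example"),
    CloudIdentityUser("dave@medisecure.example"),
]
# Constructed project IAM policy with one binding that sidesteps the synced groups.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer",
         "members": ["group:clinic-staff@medisecure.example"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["group:phi-admins@medisecure.example",
                     "user:dave@medisecure.example"]},
    ]
}

if __name__ == "__main__":
    for action, email in plan_sync(AD_USERS, CI_USERS):
        print(f"{action:9} {email}")
    for role, member in direct_user_bindings(SAMPLE_POLICY):
        print(f"rebind via a synced group: {role} -> {member}")
```

Run as a script, the plan shows bob suspended, carol created and dave suspended, and the policy check flags dave's direct `roles/storage.objectAdmin` grant; in a real estate the same check would read the output of `gcloud projects get-iam-policy`.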

Common mistakes

Confusing Workload Identity (C), which maps Kubernetes service accounts to Google service accounts for workloads running in GKE, with human identity management. Picking manual provisioning (A), which does not scale with high turnover and leaves orphaned accounts whenever an offboarding step is missed. Misreading IAP (D): it enforces identity- and context-based access in front of applications; it does not bypass IAM.

Practice the full GCP Professional Cloud Architect Practice Exam 5
