Medium · 1 mark · Multiple Choice
Subtask 4.1: Technical Processes · Logging · Audit · BigQuery · Compliance
This question is part of a case study (Case 11).

CASE STUDY: HealthData Inc

Overview:
Industry: Healthcare Analytics
Size: 1000 employees

Environment:

  • Co-located data center
  • Hadoop cluster
  • SFTP servers
  • 50 TB patient data

Requirements:

  • ML models for diagnostics
  • Secure data sharing portals
  • Break data silos

Exec Statements:

  • CEO: Need compute for ML.
  • CRO: HIPAA compliance is top priority.
  • CTO: Managed services needed to replace Hadoop.

Tech Reqs:

  • Strict HIPAA compliance
  • Automated PHI de-identification
  • Comprehensive audit logging
  • CMEK
  • Network isolation (no public internet)

Constraints:

  • US data sovereignty
  • 7-year retention (immutable)
  • Easy auditor access

GCP PCA · Question 15 · Technical Processes

QUESTION: To satisfy the requirement for 'easy auditor access' to comprehensive audit logs, how should you configure Cloud Logging?

Answer options:

A. Grant auditors the 'roles/logging.viewer' IAM role at the Organization level.

B. Create a log sink to export all Admin Activity and Data Access logs to a dedicated BigQuery dataset.

C. Export logs to a Pub/Sub topic and have auditors subscribe to the topic.

D. Download logs manually as CSV files and email them to the auditors monthly.

How to approach this question

Identify the best GCP destination for long-term storage and complex querying of log data.

Full Answer

B. Create a log sink to export all Admin Activity and Data Access logs to a dedicated BigQuery dataset. ✓ Correct
Cloud Audit Logs (Admin Activity and Data Access) should be routed via a Log Sink to BigQuery. BigQuery provides a highly scalable, SQL-compliant interface that makes it incredibly easy for auditors to search for specific access patterns or anomalies across years of data.

Common mistakes

Relying on the default Cloud Logging interface (A), which is not optimized for long-term retention or complex analytical queries required by auditors.
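
An auditor query of the kind answer B enables, as an added example that is not part of the original question set. It assumes a sink that writes Admin Activity and Data Access logs as partitioned tables (no date suffix on table names); the project `my-project` and dataset `audit_logs` are placeholder names.

```sql
-- Added example: who touched what over the last 90 days, across both
-- audit log streams exported by the log sink.
-- Placeholders (assumptions): project `my-project`, dataset `audit_logs`.
WITH events AS (
  -- Data Access logs: reads and writes of user data.
  SELECT
    timestamp,
    'DATA_ACCESS' AS log_type,
    protopayload_auditlog.authenticationInfo.principalEmail AS principal,
    protopayload_auditlog.serviceName AS service,
    protopayload_auditlog.methodName  AS method,
    protopayload_auditlog.resourceName AS resource
  FROM `my-project.audit_logs.cloudaudit_googleapis_com_data_access`

  UNION ALL

  -- Admin Activity logs: configuration and IAM changes.
  SELECT
    timestamp,
    'ADMIN_ACTIVITY' AS log_type,
    protopayload_auditlog.authenticationInfo.principalEmail AS principal,
    protopayload_auditlog.serviceName AS service,
    protopayload_auditlog.methodName  AS method,
    protopayload_auditlog.resourceName AS resource
  FROM `my-project.audit_logs.cloudaudit_googleapis_com_activity`
)
SELECT
  principal,
  log_type,
  service,
  method,
  COUNT(*)                 AS event_count,
  COUNT(DISTINCT resource) AS distinct_resources,
  MIN(timestamp)           AS first_seen,
  MAX(timestamp)           AS last_seen
FROM events
WHERE timestamp >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 90 DAY)
  AND principal IS NOT NULL
GROUP BY principal, log_type, service, method
ORDER BY event_count DESC
LIMIT 100;
```

Auditors need only read access to the dedicated dataset to run this, so no access to the production projects themselves is required.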
