ExpertThis question is part of a case study — click to read the full scenario(Case 06)
CASE STUDY: ShopGlobal
Company Overview:
ShopGlobal is an international e-commerce retailer. They are preparing for their largest annual sales event (Black Friday) and want to migrate off their aging on-premises infrastructure.
Current Technical Environment:
- 3 on-premises data centers (US-East, US-West, EU-Central).
- VMware vSphere environment with 500 VMs.
- Monolithic Java application running on Tomcat.
- Oracle RAC database for transactions.
- 50 TB of product images on SAN storage.
Business Requirements:
- Ensure 100% availability during the upcoming holiday season.
- Modernize the application architecture over the next 3 years.
- Reduce capital expenditure (CapEx) by shifting to an OpEx model.
Executive Statements:
- CEO: "Downtime during Black Friday costs us $1M per hour. We need bulletproof reliability."
- CFO: "We want to stop buying hardware. Move everything to a pay-as-you-go model."
- CTO: "We want to eventually move to microservices, but we don't have time to rewrite the app before the holidays."
Technical Requirements:
- Migrate the existing VMs to the cloud with minimal changes initially.
- Implement a global CDN for product images to reduce latency.
- Set up disaster recovery with an RPO of 15 minutes and RTO of 1 hour.
- Ensure PCI-DSS compliance for payment processing.
Constraints:
- The migration must be completed in 4 months (before the code freeze).
- The Oracle database license cannot be easily transferred to the cloud.
- The team has no experience with Kubernetes or containers yet.
QUESTION:
Given the 4-month timeline and the CTO's constraints, which migration strategy should you recommend for the VMware environment?
GCP PCA · Question 08 · Compliance Design
CASE STUDY: ShopGlobal
Company Overview:
ShopGlobal is an international e-commerce retailer. They are preparing for their largest annual sales event (Black Friday) and want to migrate off their aging on-premises infrastructure.
Current Technical Environment:
- 3 on-premises data centers (US-East, US-West, EU-Central).
- VMware vSphere environment with 500 VMs.
- Monolithic Java application running on Tomcat.
- Oracle RAC database for transactions.
- 50 TB of product images on SAN storage.
Business Requirements:
- Ensure 100% availability during the upcoming holiday season.
- Modernize the application architecture over the next 3 years.
- Reduce capital expenditure (CapEx) by shifting to an OpEx model.
Executive Statements:
- CEO: "Downtime during Black Friday costs us $1M per hour. We need bulletproof reliability."
- CFO: "We want to stop buying hardware. Move everything to a pay-as-you-go model."
- CTO: "We want to eventually move to microservices, but we don't have time to rewrite the app before the holidays."
Technical Requirements:
- Migrate the existing VMs to the cloud with minimal changes initially.
- Implement a global CDN for product images to reduce latency.
- Set up disaster recovery with an RPO of 15 minutes and RTO of 1 hour.
- Ensure PCI-DSS compliance for payment processing.
Constraints:
- The migration must be completed in 4 months (before the code freeze).
- The Oracle database license cannot be easily transferred to the cloud.
- The team has no experience with Kubernetes or containers yet.
QUESTION:
To ensure PCI-DSS compliance for payment processing in the new cloud environment, which combination of GCP security controls should you implement?
CASE STUDY: ShopGlobal
Company Overview:
ShopGlobal is an international e-commerce retailer. They are preparing for their largest annual sales event (Black Friday) and want to migrate off their aging on-premises infrastructure.
Current Technical Environment:
- 3 on-premises data centers (US-East, US-West, EU-Central).
- VMware vSphere environment with 500 VMs.
- Monolithic Java application running on Tomcat.
- Oracle RAC database for transactions.
- 50 TB of product images on SAN storage.
Business Requirements:
- Ensure 100% availability during the upcoming holiday season.
- Modernize the application architecture over the next 3 years.
- Reduce capital expenditure (CapEx) by shifting to an OpEx model.
Executive Statements:
- CEO: "Downtime during Black Friday costs us $1M per hour. We need bulletproof reliability."
- CFO: "We want to stop buying hardware. Move everything to a pay-as-you-go model."
- CTO: "We want to eventually move to microservices, but we don't have time to rewrite the app before the holidays."
Technical Requirements:
- Migrate the existing VMs to the cloud with minimal changes initially.
- Implement a global CDN for product images to reduce latency.
- Set up disaster recovery with an RPO of 15 minutes and RTO of 1 hour.
- Ensure PCI-DSS compliance for payment processing.
Constraints:
- The migration must be completed in 4 months (before the code freeze).
- The Oracle database license cannot be easily transferred to the cloud.
- The team has no experience with Kubernetes or containers yet.
QUESTION:
To ensure PCI-DSS compliance for payment processing in the new cloud environment, which combination of GCP security controls should you implement?
Answer options:
Encrypt all data at rest using Google-managed encryption keys (GMEK) and disable external IP addresses on all VMs.
Implement VPC Service Controls to create a secure perimeter, use Cloud DLP to tokenize credit card data, and enable Cloud Audit Logs.
Deploy a third-party Next-Generation Firewall (NGFW) from the Google Cloud Marketplace and route all traffic through it.
Store all payment data in a separate GCP project and use VPC Network Peering to connect it to the web servers.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 7
50 questions · hints · full answers · grading