Topic 4 Flashcards

EHR Healthcare case study

1
Q

Question #: 1
Topic #: 4

For this question, refer to the EHR Healthcare case study. You are responsible for ensuring that EHR’s use of Google Cloud will pass an upcoming privacy compliance audit. What should you do? (Choose two.)

A. Verify EHR's product usage against the list of compliant products on the Google Cloud compliance page.
B. Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.
C. Use Firebase Authentication for EHR's user facing applications.
D. Implement Prometheus to detect and prevent security breaches on EHR's web-based applications.
E. Use GKE private clusters for all Kubernetes workloads.

https://www.examtopics.com/discussions/google/view/60388-exam-professional-cloud-architect-topic-4-question-1/

A

A. Verify EHR’s product usage against the list of compliant products on the Google Cloud compliance page.
B. Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.

https://cloud.google.com/security/compliance/hipaa

A - OK (The Google Cloud compliance page lists the products that are HIPAA compliant: https://cloud.google.com/security/compliance/offerings?skip_cache=true#/regions=USA&industries=Healthcare_and_life_sciences&focusArea=Privacy)
B - OK (A BAA is the HIPAA Business Associate Amendment, or Business Associate Agreement, entered into between Google and the customer. Since EHR is a leading provider of health record software, this agreement is required. https://cloud.google.com/files/gcp-hipaa-overview-guide.pdf?hl=en)
C - Eliminated (Firebase Authentication provides backend services, easy-to-use SDKs and ready-made libraries for authenticating users in an app. https://firebase.google.com/docs/auth)
D - Eliminated (Prometheus is a monitoring and observability platform rather than a tool for detecting and preventing security breaches)
E - Eliminated (Running distributed services in GKE private clusters gives enterprises secure and reliable services, but it is not clear how this would help with a privacy compliance audit)

2
Q

Question #: 2
Topic #: 4

For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for securely deploying workloads to Google Cloud. You also need to ensure that only verified containers are deployed using Google Cloud services. What should you do? (Choose two.)

A. Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.
B. Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.
C. Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.
D. Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.

https://www.examtopics.com/discussions/google/view/60423-exam-professional-cloud-architect-topic-4-question-2/

A

A. Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.

D. Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.

Binary Authorization ensures that only verified (signed) containers are deployed.
To ensure deployments are secure and consistent, automatically scan images for vulnerabilities with Container Analysis (https://cloud.google.com/docs/ci-cd/overview?hl=en&skip_cache=true)

3
Q

Question #: 3
Topic #: 4

You need to upgrade the EHR connection to comply with their requirements. The new connection design must support business-critical needs and meet the same network and security policy requirements. What should you do?

A. Add a new Dedicated Interconnect connection.
B. Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G.
C. Add three new Cloud VPN connections.
D. Add a new Carrier Peering connection.

https://www.examtopics.com/discussions/google/view/60403-exam-professional-cloud-architect-topic-4-question-3/

A

A. Add a new Dedicated Interconnect connection.

[Removed] Highly Voted 2 years, 3 months ago
Selected Answer: A
I will go with A because the note in https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/modifying-interconnects says
“It is not possible to change the link type on an Interconnect connection circuit from 10 Gbps to 100 Gbps. If you want to migrate to 100 Gbps, you must first provision a new 100-Gbps Interconnect connection alongside your existing 10-Gbps connection, and then migrate the traffic onto the 100-Gbps connection.”

4
Q

Question #: 4
Topic #: 4

For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for hybrid connectivity between EHR’s on-premises systems and Google Cloud. You want to follow Google’s recommended practices for production-level applications. Considering the EHR Healthcare business and technical requirements, what should you do?

A. Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.
B. Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.
C. Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.
D. Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.

https://www.examtopics.com/discussions/google/view/60435-exam-professional-cloud-architect-topic-4-question-4/

A

D. Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.

Answer: D (based on the requirement of a secure, high-performance connection between on-premises systems and Google Cloud)

Between A and D, D was picked because with Direct Connect EHR can get bandwidth of 10 Gbps to 100 Gbps (VPN was ruled out because traffic goes over the internet and because of bandwidth; Direct Peering is more for Workspace than for Google Cloud).

Note the line in the question, “Google’s recommended practices for production-level applications”, and then compare the overviews of these two pages: https://cloud.google.com/network-connectivity/docs/interconnect/tutorials/production-level-overview and https://cloud.google.com/network-connectivity/docs/interconnect/tutorials/non-critical-overview. It is clear the answer should be D, which is the topology Google recommends for production-level applications.

5
Q

Question #: 5
Topic #: 4

For this question, refer to the EHR Healthcare case study. You are a developer on the EHR customer portal team. Your team recently migrated the customer portal application to Google Cloud. The load has increased on the application servers, and now the application is logging many timeout errors. You recently incorporated Pub/Sub into the application architecture, and the application is not logging any Pub/Sub publishing errors. You want to improve publishing latency.
What should you do?

A. Increase the Pub/Sub Total Timeout retry value.
B. Move from a Pub/Sub subscriber pull model to a push model.
C. Turn off Pub/Sub message batching.
D. Create a backup Pub/Sub message queue.

https://www.examtopics.com/discussions/google/view/60405-exam-professional-cloud-architect-topic-4-question-5/

A

C. Turn off Pub/Sub message batching.

(https://cloud.google.com/pubsub/docs/publisher?hl=en#batching)
The cost of batching is added latency for individual messages. To minimize publishing latency, batching should be turned off.

6
Q

Question #: 6
Topic #: 4

For this question, refer to the EHR Healthcare case study. In the past, configuration errors put public IP addresses on backend servers that should not have been accessible from the Internet. You need to ensure that no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances. What should you do?

A. Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
B. Revoke the compute.networkAdmin role from all users in the project with front end instances.
C. Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
D. Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.

https://www.examtopics.com/discussions/google/view/60407-exam-professional-cloud-architect-topic-4-question-6/

A

A. Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.

Using an Organization Policy, you can restrict external IP addresses to specific VMs: the constraint controls the use of external IP addresses for VM instances within an organization or a project.
