For this question, refer to the EHR Healthcare case study. You are responsible for ensuring that EHR’s use of Google Cloud will pass an upcoming privacy compliance audit. What should you do? (Choose two.)
A. Verify EHR’s product usage against the list of compliant products on the Google Cloud compliance page.
B. Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.
C. Use Firebase Authentication for EHR’s user-facing applications.
D. Implement Prometheus to detect and prevent security breaches on EHR’s web-based applications.
E. Use GKE private clusters for all Kubernetes workloads.
Disclaimer
This is a practice question. There is no guarantee that this question will appear in the certification exam.
Answer
A, B
Explanation
A. Verify EHR’s product usage against the list of compliant products on the Google Cloud compliance page.
(The Google Cloud compliance page lists the products that are HIPAA compliant:
https://cloud.google.com/security/compliance/offerings?skip_cache=true#/regions=USA&industries=Healthcare_and_life_sciences&focusArea=Privacy)
B. Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.
(BAA stands for the HIPAA Business Associate Amendment or Business Associate Agreement entered into between Google and the customer. Because EHR is a leading provider of health record software, this agreement is required.
https://cloud.google.com/files/gcp-hipaa-overview-guide.pdf?hl=en)
C. Use Firebase Authentication for EHR’s user-facing applications.
(Ruled out. Firebase Authentication provides backend services, easy-to-use SDKs and ready-made libraries for authenticating users in an app.)
D. Implement Prometheus to detect and prevent security breaches on EHR’s web-based applications.
(Ruled out. It’s an observability platform.)
E. Use GKE private clusters for all Kubernetes workloads.
(Ruled out. Running distributed services in GKE private clusters gives enterprises both secure and reliable services.)