ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Architect All Questions

View all questions & answers for the Professional Cloud Architect exam
Go to Exam

Exam Professional Cloud Architect topic 1 question 47 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 47
Topic #: 1
[All Professional Cloud Architect Questions]

Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Google Kubernetes Engine (GKE) for workload orchestration. Parts of your architecture must also be PCI DSS-compliant. Which of the following is most accurate?

  • A. App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
  • B. GKE cannot be used under PCI DSS because it is considered shared hosting.
  • C. GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.
  • D. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by rishab86 at June 6, 2021, 5:36 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rishab86
Highly Voted 3 years, 10 months ago
Link : https://cloud.google.com/security/compliance/pci-dss Clearly mention GKE as PCI DSS-Compliant but not all GCP service are PCI DSS-Compliant so answer is definitely C.
upvoted 47 times
Mikado211
2 years, 8 months ago
In 2022, GCP is now fully PCI-DSS compliant, so technically D is perfectly true. But you still have to check that your application is PCI-DSS compliant. so C is still the best answer.
upvoted 8 times
...
MaxNRG
3 years, 6 months ago
C – Kubernetes Engine provides tools you need to build to PCI-DSS compliant environment.
upvoted 1 times
...
haroldbenites
3 years, 4 months ago
But, The paragraph 3 says that all products of google are certified by PCI.
upvoted 2 times
...
...
aviratna
Highly Voted 3 years, 10 months ago
C: GKE & Compute Engine is PCI DSS compliant while Cloud Function, App Engine are not PC compliant
upvoted 5 times
...
Ekramy_Elnaggar
Most Recent 5 months, 1 week ago
Selected Answer: C
1. GKE and PCI DSS: While GKE itself isn't inherently PCI DSS compliant, it provides the infrastructure and tools you need to build a compliant environment. You'll need to configure it correctly, implement security measures, and follow best practices. 2. Shared Responsibility Model: Google Cloud Platform operates under a shared responsibility model. Google is responsible for securing the underlying infrastructure, while you are responsible for securing your applications and data within that environment.   3. Flexibility for Compliance: GKE offers features like private clusters, network policies, and integration with security tools that help you meet PCI DSS requirements.
upvoted 3 times
...
eka_nostra
1 year, 9 months ago
Selected Answer: C
We still have to configure our env to comply with PCI/DSS. https://cloud.google.com/architecture/pci-dss-compliance-in-gcp#kubernetes_engine
upvoted 1 times
...
omermahgoub
2 years, 4 months ago
The most accurate statement is option C: GKE and GCP provide the tools you need to build a PCI DSS-compliant environment. Google Kubernetes Engine (GKE) is a fully managed service that allows you to deploy and manage containerized applications on Google Cloud. It is not specifically certified for PCI DSS hosting, but it can be used as part of a PCI DSS-compliant environment if the necessary controls and safeguards are in place. Google Cloud Platform (GCP) provides a range of tools and services that can be used to build a PCI DSS-compliant environment, including Cloud Identity and Access Management (IAM) for controlling access to resources, Cloud Key Management Service (KMS) for managing encryption keys, and Cloud Security Command Center for monitoring and detecting security threats.
upvoted 4 times
omermahgoub
2 years, 4 months ago
Option A: App Engine is a fully managed platform for building and deploying web and mobile applications, but it is not the only compute platform on GCP that is certified for PCI DSS hosting. Other compute platforms such as Compute Engine and Google Kubernetes Engine can also be used as part of a PCI DSS-compliant environment. Option B: GKE is not considered shared hosting and can be used as part of a PCI DSS-compliant environment if the necessary controls and safeguards are in place. Option D: While Google Cloud Platform is certified PCI-compliant, not all of its services are automatically usable in a PCI DSS-compliant environment. It is up to the user to ensure that they are using the appropriate controls and safeguards to meet the requirements of the PCI DSS.
upvoted 3 times
...
...
abirroy
2 years, 7 months ago
Selected Answer: C
C is the right answer
upvoted 1 times
...
[Removed]
3 years, 2 months ago
Selected Answer: C
I got similar question on my exam.
upvoted 3 times
...
vincy2202
3 years, 4 months ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
haroldbenites
3 years, 4 months ago
Go for C.
upvoted 1 times
...
SHOURYA_SOOD
3 years, 5 months ago
Selected Answer: C
C- All of them: GKE, GCE, and GAE ate PCI-DSS-Compliant but A & B says it's only GAE and GCE respectively so cancel them out. D says all of GCP is PCI DSS-Compliant but it's not true. So, C seems to be the right answer.
upvoted 1 times
...
imranmani
3 years, 6 months ago
C is the right answer
upvoted 1 times
...
MamthaSJ
3 years, 9 months ago
Answer is C
upvoted 3 times
...
victory108
3 years, 9 months ago
C. GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago