For this question, refer to the EHR Healthcare case study. You are responsible for ensuring that EHR's use of Google Cloud will pass an upcoming privacy compliance audit. What should you do? (Choose two.)
A.
Verify EHR's product usage against the list of compliant products on the Google Cloud compliance page.
B.
Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.
C.
Use Firebase Authentication for EHR's user facing applications.
D.
Implement Prometheus to detect and prevent security breaches on EHR's web-based applications.
E.
Use GKE private clusters for all Kubernetes workloads.
My option it's A & B
A - OK (Google Cloud compliance page will give list of products those are HIPAA compliant https://cloud.google.com/security/compliance/offerings?skip_cache=true#/regions=USA&industries=Healthcare_and_life_sciences&focusArea=Privacy)
B - OK (BAA means HIPAA Business Associate amendment or Business Associate Agreement entered into between Google and Customer. With EHR being a leading provider of health record software, this agreement is required. https://cloud.google.com/files/gcp-hipaa-overview-guide.pdf?hl=en)
C - Eliminated (Firebase authentication provides backend services, easy-to-use SDKs and ready-made libraries to users on App. https://firebase.google.com/docs/auth)
D - Eliminated (more of an observability platform)
E - Eliminated (Running distributed services in GKE private clusters gives enterprises both secure and reliable services. Not sure how this may help with Private Compliance Audit)
A, B is straight forward, I didn’t even think too much before making my mind. You need to read all case studies understand throughly before the exam. This whole set of case studies waste lot of time if you don’t prepare in advance and trying go through during exam. My approach is focus on key words..
A and B
https://cloud.google.com/security/compliance/hipaa
Essential best practices:
1. Execute a Google Cloud BAA. You can request a BAA directly from your account manager.
2. Disable or otherwise ensure that you do not use Google Cloud Products that are not explicitly covered by the BAA (see Covered Products) when working with PHI.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
raf2121
Highly Voted 3 years, 2 months agoSoniaJacob521
Highly Voted 3 years, 2 months agoDav_96
Most Recent 6 months, 1 week agosurajkrishnamurthy
1 year, 10 months agosurajkrishnamurthy
1 year, 10 months agomegumin
1 year, 11 months agoMahmoud_E
2 years agoAzureDP900
2 years, 3 months agoamxexam
2 years, 5 months agombenhassine1986
2 years, 8 months agomuky31dec
2 years, 8 months agoArjun1983
2 years, 9 months agoOrangeTiger
2 years, 9 months agoPime13
2 years, 10 months agoPhilipKoku
2 years, 10 months agovincy2202
2 years, 10 months agopakilodi
2 years, 10 months ago