Question-5: A patient's paper chart has been replaced with a digital document known as an electronic health record (EHR). Electronic health records (EHRs) are real-time records that are focused on the patient and make information instantaneously and securely accessible to authorized users. Please see the case study on EHR Healthcare for more information on this topic. You are in charge of building the network architecture for Google Kubernetes Engine that is hosted in the Google Cloud. You should adhere to the best practices recommended by Google. What should you do to lower the attack surface, taking into account the business and technological needs of the EHR Healthcare system?
A. Utilize a private cluster that has a private endpoint and configure master authorised networks.
B. Utilize a public cluster that has rules for the firewall and Virtual Private Cloud (VPC) routes.
C. Make use of a private cluster that has an endpoint that is accessible to the public and configure master authorised networks.
D. Utilize a public cluster that has enabled master authorised networks and has firewall rules in place.
Correct Answer
Get All 340 Questions and Answer for Google Professional Cloud Architect
: 1 Explanation: The most secure choice is to block public endpoint access since this eliminates any possibility of internet traffic entering the control plane. If you have set up your on-premises network to connect to Google Cloud via Cloud Interconnect (EHR has enabled this) or Cloud VPN, then this is a solid option for you to proceed with. If you turn off access to the public endpoint, then you will need to set up the private endpoint to allow access only from certain networks. If you do not do this, the only way you will be able to connect to the private endpoint is through cluster nodes or virtual machines that are on the same network as the cluster. Access to public endpoints enabled, as well as access to permitted networks: If you need to administrate the cluster from source networks that are not linked to your cluster's VPC network via the use of Cloud Interconnect or Cloud VPN, this is a useful option for you to consider (but EHR is already using interconnect) Therefore, response C is not correct. The documentation suggests that the response A is the safest option, and in my view, this is the proper one. Disabling access to public endpoints is the choice that offers the highest level of protection since it blocks all internet access to the control plane. If you have already established your on-premises network to connect to Google Cloud via Cloud Interconnect or Cloud VPN, this is an excellent option for you to proceed with. Why exactly so many individuals went with option C is something that is completely beyond me.