GCP Professional Cloud Architect Practice Question
Your healthcare analytics team is exposing a Vertex AI generative model as an internal chat-completion service for clinicians. Compliance mandates that protected health information (PHI) must never traverse the public internet, and every model response must be automatically screened for PHI before it is returned to the caller. Which design best satisfies both requirements while keeping custom code to a minimum?
Deploy the model on a private GKE cluster accessed over a VPN and use Cloud KMS envelope encryption to protect PHI in transit between clients and the cluster.
Expose the model through a private Vertex AI endpoint reachable via Private Service Connect within a VPC Service Controls perimeter, and enable Model Armor with a Sensitive Data Protection policy to automatically redact PHI in responses.
Export the model to Cloud Run behind Identity-Aware Proxy and call the Cloud DLP API from custom middleware to remove PHI before returning responses.
Serve the model on a public Vertex AI endpoint restricted to clinician accounts by IAM policies, relying on Cloud Audit Logs to monitor any PHI exposure.
Serving the model through a private Vertex AI prediction endpoint that is reachable only over Private Service Connect keeps request and response traffic on Google's private network, meeting the "no public internet" mandate. Placing the service inside a VPC Service Controls perimeter adds a further control that blocks accidental or malicious data exfiltration. Enabling Model Armor with a Sensitive Data Protection (Cloud DLP) policy provides built-in inspection and redaction of PHI in prompts and responses, so you do not have to write and maintain custom middleware. The other options either expose the service publicly, rely solely on IAM and logging, or require significant custom implementation, and none of them uses Vertex AI's native private access and content-inspection capabilities.
GCP Professional Cloud Architect
Designing for security and compliance