GCP Professional Cloud Security Engineer Practice Question
Your organization runs hundreds of Google Cloud projects for different product teams worldwide. A subset of these projects process U.S. patient records and must be included in an upcoming HIPAA audit. The compliance team needs an auditable way to define the exact Google Cloud resources that fall under the HIPAA scope, apply stronger encryption and network controls to them only, and prevent other unrelated projects from inheriting those constraints. Which design best meets these goals while minimizing operational overhead?
Enable Access Transparency organization-wide so auditors can filter provider access logs to identify the projects that handled HIPAA data.
Place all projects in a single Shared VPC and rely on subnet-level firewall rules to identify and secure HIPAA traffic when needed.
Apply a hipaa=true label to all resources that process protected health information and use Cloud Asset Inventory queries during the audit to demonstrate scope.
Create a dedicated "HIPAA" folder under the organization, move every project that stores ePHI into it, and attach HIPAA-specific Organization Policies and hierarchical firewall rules to that folder.
Creating a dedicated folder for HIPAA workloads establishes a clear, top-level node in the resource hierarchy that represents the compliance boundary. Moving all projects that handle ePHI into this folder lets you:
Attach Organization Policy constraints (for example, require CMEK, restrict resource locations) that automatically propagate to every current or future HIPAA project.
Apply Hierarchical Firewall policies and create isolated VPCs that are inherited only by projects in the folder.
Demonstrate to auditors that everything inside the folder is in scope and everything outside is not, without affecting unrelated teams.
Labels (even if consistently applied) do not enforce controls and are hard to prove as an authoritative boundary. Access Transparency only logs provider access and does not set scope. A single Shared VPC spanning all projects blurs the compliance boundary and makes it difficult to restrict policy inheritance to HIPAA workloads.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How do Organization Policies work in Google Cloud?
Open an interactive chat with Bash
What are Hierarchical Firewall Rules in Google Cloud?
Open an interactive chat with Bash
What is the purpose of a Shared VPC in Google Cloud, and why isn't it suitable for HIPAA compliance?
Open an interactive chat with Bash
What is the purpose of organization policies in Google Cloud?
Open an interactive chat with Bash
How do hierarchical firewall rules work in Google Cloud?
Open an interactive chat with Bash
Why is a shared VPC not ideal for managing HIPAA compliance?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Supporting compliance requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .