Examice

Exam CCSK All QuestionsBrowse all questions from this exam

Go to Exam

Question 42

What is true of security as it relates to cloud network infrastructure?

You should apply cloud firewalls on a per-network basis.

You should deploy your cloud firewalls identical to the existing firewalls.

You should always open traffic between workloads in the same virtual subnet for better visibility.

You should implement a default allow with cloud firewalls and then restrict as necessary.

You should implement a default deny with cloud firewalls.

Correct Answer: E

For secure cloud network infrastructure, it is crucial to implement a default deny policy with cloud firewalls. This approach ensures that all inbound and outbound traffic is initially blocked, providing a strong security posture. Specific rules are then added to allow only the necessary and trusted traffic, reducing the risk of unauthorized access or data breaches. This method helps to create a more controlled and predictable security environment.

Discussion

cyberkimOption: E

On page 90 of the guidance, it says "Implement default deny with cloud firewalls". But it also says "Always restrict traffic between workloads in the same virtual subnet using a cloud firewall (security group) policy whenever possible." So doesn't this mean that "D" would be the better answer, oh wait, D says default "allow" not deny. Almost got trapped. The answer is E.