Exam CAS-004 topic 1 question 291 discussion

o Virtual next-generation firewall (vNGFW): A virtual firewall that operates in the cloud environment, providing advanced security features like intrusion prevention, deep packet inspection, and application control, essential for protecting cloud workloads and network traffic. o Web application firewall (WAF): A security measure specifically designed to protect web applications from attacks like SQL injection, cross-site scripting (XSS), and others. It sits in front of the web application server and analyzes incoming requests to identify and block malicious traffic. o External vulnerability scans: Regularly scheduled scans of the cloud environment from outside the network to identify potential vulnerabilities in the infrastructure, applications, and operating systems. This provides the MSP with a comprehensive view of security risks and allows them to prioritize remediation efforts.

BCE is correct, had this on the exam today. Passed with BCE

Vulnerability scanning and cloud providers is typically a no-go. I would be shocked if scanning activity from outside a cloud environment was within acceptible use policies.

Reviewing this I think its ABE and for these reasons: A - CDN, we need to focus on a scalable and high-performance approach. CDN offers this. Everyone is voting virtual NGFW and WAF which are really good choices but they don't optimize performance. B - VNGFW, we are going to choose this over WAF because of the architecture design that is provided to us. E - Vuln Scanner, obviously we need to over some type of scanning. So this would be the only best choice

"scalable, high-performance, online user experience" and "load balancer". Sounds like you need a CDN for that. I'll also choose the Virtual Next-Generation Firewall and External Vulnerability scans for good measure.

BCE should be right. I didn't choose E the first time but after a little research, I think it's the best third choice.

B. Virtual next-generation firewall C. Web application firewall E. External vulnerability scans Here's an explanation for each choice: B. Virtual next-generation firewall: A next-generation firewall provides advanced security features beyond traditional firewalls. In a cloud environment, a virtual next-generation firewall can inspect and filter traffic between virtual machines, helping to secure the network. C. Web application firewall: A web application firewall (WAF) helps protect web applications from various attacks, such as SQL injection, cross-site scripting (XSS), and other application-layer attacks. This is crucial for securing web servers and ensuring the integrity of web applications. E. External vulnerability scans: External vulnerability scans involve assessing the cloud environment for known vulnerabilities and security weaknesses. This helps identify and address potential entry points for attackers.