exam questions

Exam CCSK All Questions

View all questions & answers for the CCSK exam

Exam CCSK topic 1 question 42 discussion

Actual exam question from CSA's CCSK
Question #: 42
Topic #: 1
[All CCSK Questions]

What is true of security as it relates to cloud network infrastructure?

  • A. You should apply cloud firewalls on a per-network basis.
  • B. You should deploy your cloud firewalls identical to the existing firewalls.
  • C. You should always open traffic between workloads in the same virtual subnet for better visibility.
  • D. You should implement a default allow with cloud firewalls and then restrict as necessary.
  • E. You should implement a default deny with cloud firewalls.
Show Suggested Answer Hide Answer
Suggested Answer: E 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
cyberkim
Highly Voted 6 months, 1 week ago
On page 90 of the guidance, it says "Implement default deny with cloud firewalls". But it also says "Always restrict traffic between workloads in the same virtual subnet using a cloud firewall (security group) policy whenever possible." So doesn't this mean that "D" would be the better answer, oh wait, D says default "allow" not deny. Almost got trapped. The answer is E.
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago