Exam Professional Cloud Security Engineer topic 1 question 21 discussion

Answer is CD because the doc mentions the following: "App Engine ingress firewall rules are available, but egress rules are not currently available:" and "Compute Engine and GKE are the preferred alternatives."

PCI DSS (Payment Card Industry Data Security Standard) requires strict control over outbound traffic, meaning that only explicitly authorized traffic is allowed to leave the environment. Both App Engine and Cloud Functions are fully managed serverless platforms where Google handles the network configuration, including restrictions on outbound connections. Outbound traffic in these environments can be controlled without additional compensating controls because Google ensures compliance by managing the network restrictions and underlying infrastructure.

While the older answers (CD) were correct based on previous limitations, App Engine now supports egress controls.This means you can configure rules to manage outbound traffic, making it suitable for meeting PCI DSS requirements without needing extra compensating controls.

Today this question does not have an specific answer it seems that compute engine and gke wound need additional steps to setup and functions and app engine it’s possible to just set egress so I would go with this pair

AB With App Engine, you can ingress firewall rules and egress traffic controls . You can use Cloud Functions ingress and egress network settings. AB makes sense if we are talking about controlling ingress and egress traffic

have a look 👀 at https://cloud.google.com/security/compliance/pci-dss#:~:text=The%20scope%20of%20the%20PCI,products%20against%20the%20PCI%20DSS. there are multiple answers!

Ans is CD as per google docs - https://cloud.google.com/architecture/pci-dss-compliance-in-gcp#securing_your_network

CD - since both support Egress firewalls.

The most viable options

Answer is CD: https://cloud.google.com/architecture/pci-dss-compliance-in-gcp#securing_your_network Securing your network To secure inbound and outbound traffic to and from your payment-processing app network, you need to create the following: Compute Engine firewall rules A Compute Engine virtual private network (VPN) tunnel A Compute Engine HTTPS load balancer For creating your VPC, we recommend Cloud NAT for an additional layer of network security. There are many powerful options available to secure networks of both Compute Engine and GKE instances.

Document updated. AD "App Engine ingress firewall rules and egress traffic controls" https://cloud.google.com/architecture/pci-dss-compliance-in-gcp#product_guidance

hey. can anyone explain why isn't A correct? the decumantion mentions app engine as an option but not compute engine https://cloud.google.com/architecture/pci-dss-compliance-in-gcp

Answer is CD For App Engine, the App Engine firewall only applies to incoming traffic routed to your app or service. https://cloud.google.com/appengine/docs/flexible/understanding-firewalls

CD is right

The correct answer is CD

Ans: CD

Ans : CD