Exam Professional Cloud Security Engineer topic 1 question 16 discussion

@TNT87 and others, if you say (B) or even (C) or (A) can you provide proof and URLs to support your claims. Simply saying if you have done Cloud Architect you will know Everything under the sun is not the proper response, this is a discussion and a community here trying to learn. Not everyone will be in same standard or level. Be helpful for others please....

Its B. Reasons: 1. They are asking for advise for Developers. (IaC is the suitable as they don't have to worry about managing infrastructure manually). Moreover "An organization’s typical network and security review consists of analyzing application transit routes, request handling, and firewall rules." statement is defining the process, they are not asking about the option to review the rules. Using Forseti is not reducing the overhead for Developers.

They want to enable their developer teams to deploy new applications without the overhead of this full review - Questions says this . I am not sure if that feature is available in Forseti as per it, it is Inventory, Scanner, Explain, Enforce & Notification .

The question emphasizes infrastructure related overhead. "B" is there only answer that addresses infrastructure overhead by leveraging infrastructure as code. Specifically the overhead is around security and policy concerns which are addressed by terraform in what they call "policy as code". https://www.terraform.io/use-cases/enforce-policy-as-code

B: the best answer. https://cloud.google.com/recommender/docs/tutorial-iac

The correct answer is B

The problem I see with B is that there is no reason why reviews should disappear: IaC is code and code needs to be reviewed before being deployed. Depending on the companies, devops writing terraform / CDK are named developers as well. Forseti seems to be able to automate this: https://github.com/forseti-security/forseti-security/tree/master/samples/scanner/scanners

I think B is the answer, can anybody explain why A is correct?

Took the tesk today, only 5 question from this dump, the rest are new questions.

My vote goes to B by discard. A) only mentions firewall rules, but nothing about network routes, and nothing on Forseti website either https://forsetisecurity.org/about/ C) Talks about malicious patterns, not about network routes, requests handling and patterns, like the question says D) Running on-prem doesn't guarantee a higher level of control Thus, the only answer that makes sense for me is B

if you done Cloud Rchitect,you will understand why the answer is B

Ans - C

I will also go with option A

B is the answer

Answer is B and not A because in A, the answer provided tells us the environment is in production where the question is about to enable their developer teams to deploy new applications without the overhead of the full review. Implementation of IAC is suitable for this. Answer is B.

Yes B serves the purpose.

Answer is A