Certificate of Cloud Security Knowledge (CCSK) — Question 133

What is true of security as it relates to cloud network infrastructure?

Answer options

• A. You should apply cloud firewalls on a per-network basis.
• B. You should deploy your cloud firewalls identical to the existing firewalls.
• C. You should always open traffic between workloads in the same virtual subnet for better visibility.
• D. You should implement a default allow with cloud firewalls and then restrict as necessary.
• E. You should implement a default deny with cloud firewalls.

Correct answer: E

Explanation

The correct answer is E because implementing a default deny policy enhances security by blocking all traffic by default and only allowing explicitly permitted traffic. Options A, B, C, and D suggest less secure practices, such as allowing open traffic or mirroring existing firewall setups, which can lead to vulnerabilities in the cloud environment.