Google Cloud Professional Cloud Security Engineer — Question 25

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.
How should you advise this organization?

Answer options

• A. Use Forseti with Firewall filters to catch any unwanted configurations in production.
• B. Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
• C. Route all VPC traffic through customer-managed routers to detect malicious patterns in production.
• D. All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Correct answer: B

Explanation

The correct answer is B because implementing infrastructure as code with static analysis in CI/CD pipelines allows for automated policy enforcement, streamlining the deployment process while ensuring security. Option A, while useful, focuses on post-deployment checks rather than proactive policy enforcement. Option C introduces unnecessary complexity and may not effectively prevent issues before they occur. Option D compromises security by allowing developers unrestricted access in a production environment.