Answer-first summary for fast verification
Answer: Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
The question focuses on enabling developer teams to deploy applications without the overhead of a full network and security review. Option B is optimal because it mandates Infrastructure as Code (IaC) with static analysis in CI/CD pipelines, which automates policy enforcement and security checks early in the development lifecycle. This preventive approach reduces manual review needs by embedding compliance into the deployment process, aligning with Google Cloud best practices for security automation. Community discussion strongly supports B (75% consensus), highlighting that IaC minimizes developer overhead and addresses the review components (transit routes, request handling, firewall rules) through automated checks. Option A (Forseti) is detective and reactive, catching issues in production rather than preventing them, which doesn't eliminate review overhead. Option C involves complex, customer-managed routing that adds operational burden and doesn't streamline deployments. Option D is impractical as it restricts GCP use and doesn't address the review process.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
An organization's standard network and security review involves analyzing application transit paths, request processing, and firewall rules. They want to allow their developer teams to deploy new applications without the burden of this comprehensive review.
What is your recommendation for this organization?
A
Use Forseti with Firewall filters to catch any unwanted configurations in production.
B
Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
C
Route all VPC traffic through customer-managed routers to detect malicious patterns in production.
D
All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.
No comments yet.