nerdexam
Cisco

400-007 · Question #232

A business customer deploys workloads in the public cloud. Now the customer network faces governance issues with the flow of IT traffic and must ensure the security of data and intellectual property.

The correct answer is D. Apply workload policies that dictate the security requirements to the workloads that are placed in. Applying workload-level security policies directly to cloud-hosted workloads identifies governance violations at the source and enables remediation of data and traffic flow issues within the public cloud.

Designing Security

Question

A business customer deploys workloads in the public cloud. Now the customer network faces governance issues with the flow of IT traffic and must ensure the security of data and intellectual property. Which action helps to identify the issue for further resolution?

Options

  • ASet up a secure tunnel from customer routers to ensure that traffic is protected as it travels to the
  • BSend IPFIX telemetry data from customer routers to a centralized collector to identify traffic to
  • CBuild a zone-based firewall policy on Internet edge firewalls that collects statistics on traffic sent
  • DApply workload policies that dictate the security requirements to the workloads that are placed in

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    11% (3)
  • C
    4% (1)
  • D
    81% (22)

Why each option

Applying workload-level security policies directly to cloud-hosted workloads identifies governance violations at the source and enables remediation of data and traffic flow issues within the public cloud.

ASet up a secure tunnel from customer routers to ensure that traffic is protected as it travels to the

A VPN tunnel secures traffic in transit between the customer site and the cloud provider but provides no visibility or governance over east-west traffic flows and workload behavior within the cloud environment itself.

BSend IPFIX telemetry data from customer routers to a centralized collector to identify traffic to

IPFIX telemetry from customer routers captures perimeter flows but misses lateral traffic between cloud workloads and provides incomplete visibility into the cloud-internal governance issues driving the problem.

CBuild a zone-based firewall policy on Internet edge firewalls that collects statistics on traffic sent

A zone-based firewall on Internet edge devices only inspects north-south traffic crossing the perimeter and cannot observe or enforce governance policies on traffic flowing between workloads inside the public cloud.

DApply workload policies that dictate the security requirements to the workloads that are placed inCorrect

Workload policies applied directly in the cloud - such as microsegmentation rules, cloud-native security groups, or frameworks like Cisco Secure Workload - expose which workloads are violating data handling and traffic governance requirements by enforcing and logging policy at the compute layer where intellectual property resides. This approach targets the root of the governance gap rather than observing it indirectly at the network perimeter, enabling teams to identify specific non-compliant workloads and remediate them precisely.

Concept tested: Cloud workload policy enforcement for traffic governance and data security

Source: https://www.cisco.com/c/en/us/products/security/secure-workload/index.html

Topics

#cloud governance#workload security#data protection#cloud workload policies

Community Discussion

No community discussion yet for this question.

Full 400-007 Practice