In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.
Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)
A. B. C. D. E.
Answer: AC.
https://cloud.google.com/solutions/pci-dss-compliance-in-gcp
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established by the PCI Security Standards Council to ensure that all organizations that accept, process, store, or transmit credit card information maintain a secure environment.
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized. This means that all traffic leaving their network must be monitored and controlled to prevent any unauthorized access to sensitive data.
To meet this requirement, two cloud offerings that provide built-in network security features are:
Compute Engine: Google Cloud Compute Engine is an Infrastructure-as-a-Service (IaaS) offering that allows customers to create and manage virtual machines (VMs) on Google's infrastructure. Compute Engine provides a firewall that allows customers to control incoming and outgoing traffic to and from their VMs. Customers can create firewall rules to allow or deny traffic based on source IP address, destination IP address, protocol, and port.
Google Kubernetes Engine: Google Kubernetes Engine is a managed container orchestration service that allows customers to deploy and manage containerized applications on Google's infrastructure. Kubernetes Engine provides a network policy feature that allows customers to define and enforce network security policies at the pod and namespace level. Customers can create network policies to allow or deny traffic based on source IP address, destination IP address, protocol, and port.
In contrast, App Engine, Cloud Functions, and Cloud Storage do not provide built-in network security features that allow customers to control outgoing traffic without additional compensating controls. These offerings are Platform-as-a-Service (PaaS) and Storage-as-a-Service (SaaS) offerings that provide higher-level abstractions than IaaS and managed container services. While customers can use other Google Cloud Platform services or third-party tools to control outbound traffic from these offerings, they do not provide built-in firewall or network policy features that directly meet the requirement.
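An added example, not part of the original page or any Google code: a small Python model of how VPC egress firewall rules are evaluated for Compute Engine VMs, showing that outbound traffic stays open through the implied allow-egress rule until a deny-all egress rule and explicit allows are added. The rule names, addresses and helper functions are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class EgressRule:
    name: str
    priority: int           # 0-65535; the lower number is evaluated first
    action: str             # "allow" or "deny"
    dest_range: str         # destination CIDR
    protocol: str = "all"   # "tcp", "udp" or "all"
    ports: tuple = ()       # empty tuple means every port

    def matches(self, dest_ip, protocol, port):
        if ipaddress.ip_address(dest_ip) not in ipaddress.ip_network(self.dest_range):
            return False
        if self.protocol not in ("all", protocol):
            return False
        return not self.ports or port in self.ports

# Every VPC network carries this rule; it cannot be deleted, only overridden.
IMPLIED = EgressRule("implied-allow-egress", 65535, "allow", "0.0.0.0/0")

def ordered(rules):
    # Lowest priority number first; at equal priority a deny beats an allow.
    return sorted(list(rules) + [IMPLIED], key=lambda r: (r.priority, r.action != "deny"))

def decide(rules, dest_ip, protocol, port):
    """Return (action, rule name) for one outbound IPv4 connection."""
    for rule in ordered(rules):
        if rule.matches(dest_ip, protocol, port):
            return rule.action, rule.name

def authorized_egress(rules):
    """Return (default action, names of the allow rules evaluated before it)."""
    allows = []
    for rule in ordered(rules):
        if rule.dest_range == "0.0.0.0/0" and rule.protocol == "all" and not rule.ports:
            return rule.action, allows
        if rule.action == "allow":
            allows.append(rule.name)

# Constructed rule set: one approved destination, everything else denied.
HARDENED = [
    EgressRule("deny-all-egress", 65534, "deny", "0.0.0.0/0"),
    EgressRule("allow-payment-gateway", 1000, "allow", "198.51.100.0/24", "tcp", (443,)),
]

if __name__ == "__main__":
    print(authorized_egress([]))
    print(authorized_egress(HARDENED))
    print(decide(HARDENED, "203.0.113.10", "tcp", 443))
```

The list returned by `authorized_egress` is the set of outbound allowances a reviewer would need to justify; a default action of `allow` means outbound traffic is not yet restricted to authorized destinations.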