Certified Incident Handler (CIH) Practice Ecam

What practice helps incident responders defend Google Cloud against online threats?

• A. Employ terraform modules from private git repositories
• B. Allow unrestricted user access to resources
• C. Share credentials freely among users
• D. Neglect regular security audits

The correct answer is: Employ terraform modules from private git repositories

The correct choice emphasizes the importance of using Infrastructure as Code (IaC) practices, specifically through the use of Terraform modules sourced from private Git repositories. This practice allows incident responders to define and manage cloud infrastructure securely and efficiently. By employing Terraform modules, responders can automate deployment processes, ensure consistent configurations, and maintain version control, all of which are crucial for defending against online threats. Using private repositories enhances security by preventing unauthorized access to sensitive configurations and avoiding exposure of critical data. This approach allows organizations to implement best practices and standardize their infrastructure, reducing the risk of misconfigurations that could be exploited by attackers. In contrast, the other options represent poor security practices that could undermine the integrity of the cloud environment. Allowing unrestricted user access to resources can lead to unauthorized alterations or exposure of sensitive data. Sharing credentials freely undermines accountability and increases the risk of credential theft or misuse. Neglecting regular security audits prevents the identification of vulnerabilities and compliance issues, ultimately leaving the infrastructure more susceptible to attacks.