Exam SY0-601 topic 1 question 431 discussion

-C The most appropriate cloud feature to ensure access is granted properly is resource policies. Resource policies are a powerful tool for managing access to cloud resources. They allow cloud security engineers to specify permissions and restrictions at a granular level, controlling access to specific resources or actions within the cloud environment. By using resource policies, cloud security engineers can implement a fine-grained access control system that can help prevent unauthorized access to sensitive data. API integrations (option A) are used to connect different cloud services and applications, but they are not directly related to managing access to cloud resources. Auditing (option B) is used to track changes and access to cloud resources, but it does not directly control access to those resources. Virtual networks (option D) are used to isolate and secure network traffic within the cloud environment, but they are not directly related to managing access to cloud resources.

Resource policies in cloud security are used to govern access and permissions for specific cloud resources, such as virtual machines, storage accounts, and databases. These policies allow cloud security engineers to define rules that control access and actions on these resources, ensuring that only authorized users and systems can interact with them. Resource policies are commonly used in cloud environments to enforce security controls and compliance requirements, such as restricting access to sensitive data, enforcing encryption, or enforcing geographic data residency rules. These policies are enforced at the cloud provider level, meaning that the access controls and permissions are managed by the cloud provider rather than by individual users or organizations.

for me, the keyword here is, specific features.

Cloud storage services require permissions just like any resource. File servers need permissions. Mail servers need permissions. You get the idea. Cloud service providers—let’s just say AWS, as Amazon invented this term—call their permissions resource policies. A policy is an object in AWS that defines the permissions to an identity or resource. AWS defines two types of resource policies: identity-based policies and resource-based policies. Identity-based policies are assigned to users, groups, or roles. Resource-based policies are attached to a resource." -Mike Meyers' Security+ Certification Guide Third Edition SY0-601

c. Auditing (option B) is used to track changes and access to cloud resources, but it does not directly control access to those resources.

Resource policies would be the most appropriate feature to ensure access is granted properly. Resource policies allow you to specify who has access to your resources and what actions they can perform on those resources.

C. Resource policies

Resource policies would be the most appropriate cloud feature to ensure that access is granted properly. Resource policies are used to define who can access specific resources and what actions they can perform on those resources. By configuring resource policies, cloud security engineers can control access to specific features and increase data security.