A security architect wants to standardize the company's cloud environment deployments to prevent configuration drift and ensure consistent security controls. The goal is to define all infrastructure components-such as virtual networks, subnets, and firewall rules-in human-readable, version-controlled files. This will allow for automated, repeatable, and auditable deployments. Which of the following concepts BEST describes this approach?
Configuration Management Database (CMDB)
Security Orchestration, Automation, and Response (SOAR)
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files, which are stored in a version control system. This directly addresses the architect's goal of using version-controlled files for consistent and automated deployments. Security Orchestration, Automation, and Response (SOAR) focuses on automating incident response workflows, not provisioning infrastructure. Continuous Integration/Continuous Deployment (CI/CD) is a broad set of practices for automating the software delivery lifecycle; while IaC is often a component of a CI/CD pipeline, it is the more specific answer for managing infrastructure definitions. A Configuration Management Database (CMDB) is a repository that stores information about IT assets and their configurations but is not the methodology for deploying them.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Infrastructure as Code (IaC)?
Open an interactive chat with Bash
What are the benefits of using version control in IaC?