In the context of Software-Defined Networking (SDN), what does decoupling the network control plane from the data plane primarily achieve?
Correct Answer: A
The correct answer is A. Enables programmatic configuration. In Software-Defined Networking (SDN), the control plane and data plane are decoupled, meaning that the network intelligence (control plane) is separated from the traffic forwarding functions (data plane). This separation allows network control to be directly programmable, rather than embedded within the hardware.
Key Benefits of Decoupling:
Programmatic Configuration: Network administrators can program the network dynamically using software applications. This programmability enables automated, flexible, and efficient network management.
Centralized Control: The control plane is managed from a centralized controller, which can adjust network configurations in real time.
Reduced Hardware Dependency: Since the control logic is no longer embedded in individual hardware devices, it is easier to use commodity hardware and standardized interfaces.
Agility and Scalability: Organizations can rapidly deploy new services and update configurations without altering the underlying hardware.
Why Other Options Are Incorrect:
B. Decreases network security: Decoupling does not inherently decrease security. In fact, centralized control can enhance security through consistent policy enforcement.
C. Increases hardware dependency: The opposite is true. SDN reduces dependency on proprietary hardware by enabling software-based management.
D. Increases network complexity: While SDN introduces new software components, it simplifies network management by centralizing control and reducing hardware configuration complexities.
Real-World Example: In a cloud environment, SDN controllers like OpenDaylight or Cisco ACI allow for dynamic routing, load balancing, and traffic management through APIs. This flexibility supports automated scaling and traffic optimization.
Reference:
CSA Security Guidance v4.0, Domain 7: Infrastructure Security
Cloud Computing Security Risk Assessment (ENISA) - SDN and Network Virtualization
Cloud Controls Matrix (CCM) v3.0.1 - Network Security Domain
CCSK Exam Question 102
When leveraging a cloud provider, what should be considered to ensure application security requirements are met?
Correct Answer: D
Application security in the cloud must be viewed as a shared responsibility. Providers deliver basic security features, but custom configurations and additional controls are often needed to meet organizational requirements. From CSA Security Guidance v4.0 - Domain 10: Application Security: "Cloud consumers should not assume default security settings are sufficient. Security features provided by cloud service providers often require additional configuration and hardening. Custom security controls may be needed to address specific organizational risks and compliance needs." (CSA Security Guidance v4.0, Domain 10)
CCSK Exam Question 103
What is a common characteristic of default encryption provided by cloud providers for data at rest?
Correct Answer: C
Many cloud providers offer default encryption for data at rest, which is typically enabled automatically for data stored within the cloud. In these cases, the encryption is often done using the cloud provider's keys as part of the provider's security infrastructure, and it is usually provided at no additional cost to the customer. This ensures that data is protected while at rest, reducing the risk of unauthorized access.
CCSK Exam Question 104
ENISA: Which is a potential security benefit of cloud computing?
Correct Answer: C
CCSK Exam Question 105
What is critical for securing serverless computing models in the cloud?
Correct Answer: C
In serverless computing models, the primary security concern is ensuring that secrets (such as API keys, database credentials, etc.) and configuration settings are handled securely. The principle of least privilege means that these secrets and configurations should only be accessible by the minimum set of functions or services that truly need them, reducing the attack surface. Proper management of secrets and configurations ensures that unauthorized access or misuse is prevented.
Disabling console access completely or using privileged access management is important for securing any environment, but it is not specifically tied to serverless models. Validating the underlying container security is more relevant to containerized environments than to serverless computing, which abstracts away infrastructure management. Placing serverless components behind application load balancers is useful for routing traffic but is not specifically critical for securing the serverless model itself. Managing secrets and access controls is a more direct concern for securing serverless environments.