CV0-002 · Question #236
A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the followi
The correct answer is A. Configure security groups.. To statefully isolate traffic between subnets within an IaaS platform, the cloud architect should implement security groups.
Question
A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement?
Options
- AConfigure security groups.
- BConfigure HIPS policies.
- CConfigure IDS policies.
- DConfigure a network ACL.
How the community answered
(28 responses)- A75% (21)
- B4% (1)
- C7% (2)
- D14% (4)
Why each option
To statefully isolate traffic between subnets within an IaaS platform, the cloud architect should implement security groups.
Security groups act as stateful virtual firewalls that control inbound and outbound traffic to network interfaces or instances within an IaaS platform. By configuring security group rules for specific subnets, an architect can effectively isolate traffic and allow stateful communication, ensuring that return traffic for an allowed outbound connection is automatically permitted.
HIPS (Host-based Intrusion Prevention System) operates on individual servers or clients to protect them from attacks, rather than providing network-level isolation between subnets in an IaaS environment.
IDS (Intrusion Detection System) monitors network or host activity for malicious patterns and alerts on threats, but it does not actively block or isolate traffic between subnets.
Network ACLs (Access Control Lists) are stateless firewalls that filter traffic at the subnet level. While they can isolate traffic, they are stateless, meaning they do not automatically allow return traffic for established connections, making security groups a better choice for stateful communication requirements.
Concept tested: IaaS network security, security groups
Source: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Topics
Community Discussion
No community discussion yet for this question.