nerdexam
CompTIA

CV0-002 · Question #236

A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the followi

The correct answer is A. Configure security groups.. To statefully isolate traffic between subnets within an IaaS platform, the cloud architect should implement security groups.

Security

Question

A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement?

Options

  • AConfigure security groups.
  • BConfigure HIPS policies.
  • CConfigure IDS policies.
  • DConfigure a network ACL.

How the community answered

(28 responses)
  • A
    75% (21)
  • B
    4% (1)
  • C
    7% (2)
  • D
    14% (4)

Why each option

To statefully isolate traffic between subnets within an IaaS platform, the cloud architect should implement security groups.

AConfigure security groups.Correct

Security groups act as stateful virtual firewalls that control inbound and outbound traffic to network interfaces or instances within an IaaS platform. By configuring security group rules for specific subnets, an architect can effectively isolate traffic and allow stateful communication, ensuring that return traffic for an allowed outbound connection is automatically permitted.

BConfigure HIPS policies.

HIPS (Host-based Intrusion Prevention System) operates on individual servers or clients to protect them from attacks, rather than providing network-level isolation between subnets in an IaaS environment.

CConfigure IDS policies.

IDS (Intrusion Detection System) monitors network or host activity for malicious patterns and alerts on threats, but it does not actively block or isolate traffic between subnets.

DConfigure a network ACL.

Network ACLs (Access Control Lists) are stateless firewalls that filter traffic at the subnet level. While they can isolate traffic, they are stateless, meaning they do not automatically allow return traffic for established connections, making security groups a better choice for stateful communication requirements.

Concept tested: IaaS network security, security groups

Source: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Topics

#network isolation#security groups#IaaS networking#stateful firewall

Community Discussion

No community discussion yet for this question.

Full CV0-002 Practice