CompTIA

CV0-003 Question #236: Real Exam Question with Answer & Explanation

The correct answer is A: Configure security groups. Security groups in IaaS platforms provide stateful firewall control between subnets, tracking connection state so return traffic is automatically permitted.

Security

Question

A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement?

Options

  • A. Configure security groups.
  • B. Configure HIPS policies.
  • C. Configure IDS policies.
  • D. Configure a network ACL.

Explanation

Security groups in IaaS platforms provide stateful firewall control between subnets, tracking connection state so return traffic is automatically permitted.

Common mistakes.

  • B. HIPS (Host-based Intrusion Prevention System) operates at the endpoint/OS level to block malicious behavior, not to control stateful network traffic flow between subnets.
  • C. IDS (Intrusion Detection System) monitors and alerts on suspicious traffic but does not enforce access control or provide stateful traffic management between subnets.
  • D. Network ACLs are stateless and evaluate each packet independently, requiring explicit rules for both inbound and outbound traffic, which does not meet the stateful communication requirement.

Concept tested. Stateful traffic control using cloud security groups

Reference. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html

Topics

#security groups, #subnet isolation, #stateful firewall, #IaaS networking
