CompTIA CASP+ (CAS-004) — Question 486
A cloud security architect is designing the infrastructure for a new, virtualized application. The architecture must support the following:
• Containerization of workloads with different data classification levels
• Streamlined policy management
• Defense against APTs and other malware threats
Which of the following is an architectural design that supports the application's requirements?
Answer options
- A. Screened subnets
- B. Virtual private cloud
- C. Serverless functions
- D. Microsegmentation
Correct answer: D
Explanation
The correct answer, D (Microsegmentation), allows for granular security controls and isolation of workloads based on data classification levels, which is essential to meeting the application's requirements. Options A (Screened subnets) and B (Virtual private cloud) do not provide the required level of policy management and workload separation, while C (Serverless functions) does not specifically address the needs of containerization and threat defense.