CompTIA Cloud+ (CV0-002) — Question 111

A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other.
Given this scenario, which of the following should the architect implement?

Answer options

• A. Configure security groups.
• B. Configure HIPS policies.
• C. Configure IDS policies.
• D. Configure a network ACL.

Correct answer: A

Explanation

The correct answer is A, as security groups are specifically designed to control inbound and outbound traffic at the instance level and allow stateful communication between subnets. Options B and C, which involve HIPS and IDS policies, are more focused on intrusion detection and prevention rather than traffic isolation. Option D, network ACLs, provide stateless filtering and do not allow for the same level of stateful communication between subnets.