CompTIA Cloud+ (CV0-002) — Question 43
A security administrator wants to automate the implementation of network-based ACLs for services deployed within the company's VPC. The security administrator is mostly concerned with intra-VPN separation to prevent unauthorized communication between cloud-deployed services within the VPC.
Which of the following should the security administrator implement?
Answer options
- A. Include a list of the firewall rules in the orchestration script
- B. Use the cloud API to deploy and configure anti-malware services
- C. Configure the appropriate IDS rules using the cloud portal
- D. Write custom scripts to deploy a network ACL between the VPC and the company's on-premises network
Correct answer: C
Explanation
The correct answer is C: configuring IDS rules directly addresses the need to monitor and control traffic between services within the VPC. Option A focuses on firewall rules, which do not specifically target intra-VPN traffic. Option B concerns anti-malware services, which are not relevant to ACL implementation. Option D deals with network ACLs between the VPC and the on-premises network rather than within the VPC itself.