IBM Cloud Associate Developer — Question 11
A VPC has been created with a single subnet. Virtual server instances with different functions, all supporting a production application, have been deployed on the subnet. The security team now wants to ensure that network traffic between the different server types can be controlled. How can this be achieved?
Answer options
- A. Use a Hardware Security Module to create advanced network routing tables that ensure traffic does not route between server types, as per the security team's wishes
- B. Create security groups for the different server types with inbound and outbound rules that satisfy the security team, into which the VSIs can be placed
- C. Create a VPC load balancer and place each server type into its own back-end pool, then create Layer-7 routing policies that restrict network traffic flowing between the different pools
- D. Create multiple access control lists with rules that satisfy the security team's requirements and associate each VSI with the respective ACL
Correct answer: A
Explanation
The correct answer is A because using a Hardware Security Module to create advanced routing tables can effectively prevent traffic between different server types as required by the security team. Options B, C, and D do not provide the same level of control over network traffic as they rely on security groups, load balancers, or access control lists, which can still allow traffic to flow between instances unless explicitly managed.