An organization is planning to migrate their application infrastructure to a public cloud provider using a Virtual Private Cloud (VPC) architecture. The security team wants to ensure proper network segmentation and isolation between different application tiers. Which VPC design feature would BEST satisfy this requirement?
Edge locations with distribution policies
Transit gateways with route tables
VPN gateways with encrypted tunnels
Subnets with associated network ACLs and security groups
Subnets with associated network ACLs and security groups provide the most comprehensive segmentation solution. Subnets create logically isolated network segments within a VPC, while network ACLs act as stateless firewalls controlling traffic at the subnet level. Security groups function as stateful firewalls at the instance level. Together, they implement defense-in-depth by creating logical boundaries between application tiers.
VPN gateways connect on-premises networks to VPCs but don't address internal segmentation. Transit gateways connect multiple VPCs but lack fine-grained segmentation capabilities. Edge locations are for content distribution, not network segmentation.
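As an added illustration (not part of the original question or its explanation), the Python model below evaluates a tier-to-tier flow first through the stateless subnet NACLs and then through the stateful instance security groups; the tier names, CIDRs and rules are constructed assumptions. It shows why a stateless NACL needs an explicit ephemeral-port return rule while a security group, which tracks connection state, does not.

```python
import ipaddress

# Constructed three-tier VPC layout; names and addresses are assumptions.
SUBNETS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db":  ipaddress.ip_network("10.0.3.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
EPHEMERAL = (1024, 65535)  # client-side reply ports a stateless NACL must allow

# Stateful security groups: inbound rules only, keyed by destination tier.
# A rule is (source tier, port); "any" means no source restriction.
SG_INBOUND = {
    "web": {("any", 443)},
    "app": {("web", 8080)},
    "db":  {("app", 5432)},
}

# Stateless network ACLs per subnet: ordered (direction, cidr, (lo, hi), action).
# First match wins; no match falls through to the implicit deny.
NACLS = {
    "web": [("in", ANY, (443, 443), "allow"), ("out", SUBNETS["app"], (8080, 8080), "allow"),
            ("out", ANY, EPHEMERAL, "allow"), ("in", SUBNETS["app"], EPHEMERAL, "allow")],
    "app": [("in", SUBNETS["web"], (8080, 8080), "allow"), ("out", SUBNETS["db"], (5432, 5432), "allow"),
            ("out", SUBNETS["web"], EPHEMERAL, "allow"), ("in", SUBNETS["db"], EPHEMERAL, "allow")],
    # db tier accepts the request but has no outbound ephemeral rule (a common misconfiguration).
    "db":  [("in", SUBNETS["app"], (5432, 5432), "allow")],
}

def nacl_allows(tier, direction, peer_net, port):
    """Stateless check: evaluate one packet direction against the subnet's NACL."""
    for d, net, (lo, hi), action in NACLS[tier]:
        if d == direction and peer_net.subnet_of(net) and lo <= port <= hi:
            return action == "allow"
    return False

def flow_allowed(src, dst, port, reply_port=49152):
    """Return (request_allowed, reply_allowed) for a src tier -> dst tier connection."""
    s_net, d_net = SUBNETS[src], SUBNETS[dst]
    sg_ok = (src, port) in SG_INBOUND[dst] or ("any", port) in SG_INBOUND[dst]
    request = nacl_allows(src, "out", d_net, port) and nacl_allows(dst, "in", s_net, port) and sg_ok
    # Security groups are stateful, so the reply needs no SG rule; both NACLs re-evaluate it.
    reply = request and nacl_allows(dst, "out", s_net, reply_port) and nacl_allows(src, "in", d_net, reply_port)
    return request, reply

if __name__ == "__main__":
    for flow in (("web", "app", 8080), ("app", "db", 5432), ("web", "db", 5432)):
        print(flow, flow_allowed(*flow))
```

The app-to-db flow is accepted on the request path yet its reply is dropped, which is exactly the symptom of a missing ephemeral-port rule on a stateless NACL; the web-to-db flow is blocked by both the db subnet NACL and the db security group.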
ISC2 CISSP
Communication and Network Security