An organization is planning to migrate their application infrastructure to a public cloud provider using a Virtual Private Cloud (VPC) architecture. The security team wants to ensure proper network segmentation and isolation between different application tiers. Which VPC design feature would BEST satisfy this requirement?
Transit gateways with route tables
Edge locations with distribution policies
VPN gateways with encrypted tunnels
Subnets with associated network ACLs and security groups
Subnets with associated network ACLs and security groups provide the most comprehensive segmentation solution. Subnets create logically isolated network segments within a VPC, while network ACLs act as stateless firewalls controlling traffic at the subnet level. Security groups function as stateful firewalls at the instance level. Together, they implement defense-in-depth by creating logical boundaries between application tiers.
VPN gateways connect on-premises networks to VPCs but do not address internal segmentation. Transit gateways connect multiple VPCs but lack fine-grained segmentation capabilities. Edge locations are for content distribution, not network segmentation.
ISC2 CISSP
Communication and Network Security