A cloud administrator must provide each department with an isolated IP address space and independent routing rules while keeping all resources inside a single virtual private cloud (VPC). Which approach best meets these requirements?
Create individual subnets for each department, each with its own CIDR block and route table
Define department-specific security groups and attach them to the same shared subnet
Apply resource tags to all departmental resources for tracking and cost allocation
Deploy a separate NAT gateway for each department's resources
Creating a dedicated subnet for each department lets the administrator assign a unique CIDR block and attach a separate route table, ensuring both IP-address isolation and customized routing. Security groups and tags help with access control or cost management but do not create separate address spaces. Deploying a NAT gateway per department controls egress to the internet but still relies on a common subnet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a subnet?
Open an interactive chat with Bash
How do routing rules work for separate subnets?
Open an interactive chat with Bash
What is the difference between resource metadata and subnet separation?