A cloud administrator must provide each department with an isolated IP address space and independent routing rules while keeping all resources inside a single virtual private cloud (VPC). Which approach best meets these requirements?
Create individual subnets for each department, each with its own CIDR block and route table
Apply resource tags to all departmental resources for tracking and cost allocation
Define department-specific security groups and attach them to the same shared subnet
Deploy a separate NAT gateway for each department's resources
Creating a dedicated subnet for each department lets the administrator assign a unique CIDR block and attach a separate route table, ensuring both IP-address isolation and customized routing. Security groups and tags help with access control or cost management but do not create separate address spaces. Deploying a NAT gateway per department controls egress to the internet but still relies on a common subnet.