A cloud administrator must provide each department with an isolated IP address space and independent routing rules while keeping all resources inside a single virtual private cloud (VPC). Which approach best meets these requirements?
Define department-specific security groups and attach them to the same shared subnet
Create individual subnets for each department, each with its own CIDR block and route table
Deploy a separate NAT gateway for each department's resources
Apply resource tags to all departmental resources for tracking and cost allocation
Creating a dedicated subnet for each department lets the administrator assign a unique CIDR block and attach a separate route table, ensuring both IP-address isolation and customized routing. Security groups and tags help with access control or cost management but do not create separate address spaces. Deploying a NAT gateway per department controls egress to the internet but still relies on a common subnet.