Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A cloud migration team must secure a three-tier application hosted in a public IaaS virtual network. Policy requires that (1) only HTTPS from the Internet can reach the public load balancer, (2) application VMs accept traffic only from the load-balancer subnet, (3) database VMs accept traffic only from the application subnet, and (4) no VM can initiate direct Internet access. Which solution BEST enforces these requirements while still following the principle of least privilege?

  • Attach a single network ACL to the Internet gateway that permits HTTPS and blocks all other traffic.

  • Deploy a managed web application firewall in front of the load balancer and rely on its default configuration.

  • Enable host-based firewalls on every VM and disable all cloud-provided network controls to avoid rule conflicts.

  • Associate separate stateful network security groups with each subnet and create specific inbound and outbound rules for the web, application, and database tiers.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot