ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During deployment of a new cloud management appliance that will orchestrate virtual machines across multiple hypervisor clusters, the cloud operations team wants to minimize the risk that tenant traffic could be used to reach the appliance. Which network design change should be implemented before placing the appliance into production?
Enable switch port mirroring and send a copy of tenant traffic to the appliance for inspection.
Assign the appliance a routable IP on the same VLAN as tenant VMs and rely on its host-based firewall for access control.
Connect the appliance directly to the storage network so that it bypasses the compute fabric.
Place the appliance interface in a dedicated out-of-band VLAN reachable only through a jump host that enforces SSH and MFA.
A dedicated out-of-band management VLAN provides physical and logical separation between the management plane and tenant or data traffic. By forcing administrators to reach the appliance only through a jump host protected with Secure Shell and multi-factor authentication, lateral movement from guest networks is prevented and attack surface is reduced. Merely using a host-based firewall on a shared VLAN still exposes the interface to broadcast and multicast traffic and to any misconfigured ACLs. Connecting the appliance to the storage network does not isolate it from tenant hosts that also access the same fabric. Port mirroring is a monitoring feature; it does not restrict access and actually increases exposure by sending additional traffic toward the appliance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN and why is it important in cloud environments?
Open an interactive chat with Bash
What is the role of a jump host in securing access to critical systems?
Open an interactive chat with Bash
Why does enforcing SSH with MFA provide better security for network management?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .