ISC2 Certified Cloud Security Professional (CCSP) Practice Question
While reviewing a multi-tenant IaaS design, you discover that traffic exchanged between virtual machines on the same VLAN is expected to be filtered before it ever leaves the host. To enforce this east-west isolation, which cloud infrastructure component must have the packet-filtering policy applied?
The border leaf router at the data center edge
The hypervisor's virtual switch on each compute host
The cloud orchestration layer's API endpoint
The top-of-rack physical switch connecting the hypervisor
In a virtualized IaaS environment, frames passed between two VMs on the same physical host travel through the hypervisor's virtual switch first. Because the virtual switch is a software construct running inside the host, it can apply ACLs or security-group rules and block or permit east-west traffic before the frames ever reach the physical NIC or any top-of-rack switch. Top-of-rack switches and routers only see traffic that has already left the host; the orchestration layer merely programs policies and does not forward packets.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is east-west traffic isolation important in a multi-tenant IaaS environment?
Open an interactive chat with Bash
What is a hypervisor's virtual switch and what role does it play in packet filtering?
Open an interactive chat with Bash
Why can't components like the top-of-rack switch or border leaf router enforce east-west isolation within a host?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Platform & Infrastructure Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .