Exam CNX-001 topic 1 question 61 discussion

Actual exam question from CompTIA's CNX-001

Question #: 61
Topic #: 1

Server A (10.2.3.9) needs to access Server B (10.2.2.7) within the cloud environment since they are segmented into different network sections. All external inbound traffic must be blocked to those servers. Which of the following need to be configured to appropriately secure the cloud network? (Choose two.)

A. Network security group rule:
allow 10.2.3.9 to 10.2.2.7
B. Network security group rule:
allow 10.2.0.0/16 to 0.0.0.0/0
C. Network security group rule:
deny 0.0.0.0/0 to 10.2.0.0/16
D. Firewall rule:
deny 10.2.0.0/16 to 0.0.0.0/0
E. Firewall rule:
allow 10.2.0.0/16 to 0.0.0.0/0
F. Network security group rule:
deny 10.2.0.0/16 to 0.0.0.0/0

Show Suggested Answer

Suggested Answer: AC 🗳️

by SuntzuLegacy at May 19, 2025, 3:28 a.m.

Comments

Submit Cancel

SuntzuLegacy

1 month, 1 week ago

Selected Answer: AC

The simplest way to achieve the requirement is: Allow traffic only from the specific internal subnet/host (so Server A can reach Server B). Deny inbound traffic from anywhere (0.0.0.0/0) to that subnet. From the choices given, that translates to: A. Network security group rule allowing traffic from 10.2.3.9 to 10.2.2.7. C. Network security group rule denying inbound traffic from 0.0.0.0/0 to 10.2.0.0/16. These two rules ensure that only Server A can access Server B over the internal network, while blocking inbound traffic from the internet.

upvoted 1 times

...