Exam CV0-003 topic 1 question 105 discussion

Actual exam question from CompTIA's CV0-003
Question #: 105
Topic #: 1

A cloud administrator is managing an organization's infrastructure in a public cloud. All servers are currently located in a single virtual network with a single firewall that all traffic must pass through. Per security requirements, production, QA, and development servers should not be able to communicate directly with each other.
Which of the following should an administrator perform to comply with the security requirement?
A.
✑ Create separate virtual networks for production, QA, and development servers.
✑ Move the servers to the appropriate virtual network.
✑ Apply a network security group to each virtual network that denies all traffic except for the firewall.
B.
✑ Create separate network security groups for production, QA, and development servers.
✑ Apply the network security groups on the appropriate production, QA, and development servers.
✑ Peer the networks together.
C.
✑ Create separate virtual networks for production, QA, and development servers.
✑ Move the servers to the appropriate virtual network.
✑ Peer the networks together.
D.
✑ Create separate network security groups for production, QA, and development servers.
✑ Peer the networks together.
✑ Create static routes for each network to the firewall.

Suggested Answer: B

Comments

achow26
Highly Voted 2 years, 2 months ago
Answer should be A. If the peering is in place between networks, all the traffic is not passing through the single firewall.
upvoted 19 times
brickcity86
1 year, 10 months ago
Agreed, A is the only option mentioning restricting traffic through the firewall
upvoted 2 times
[Removed]
1 year, 9 months ago
I don't think it is the correct answer. Simply deploying a FW does not make any impact on traffic unless you route the traffic using UDR. It will keep on communicating directly. Even NSG also says VNet-to-VNet traffic is allowed by default.
upvoted 1 times
Pisces225
Most Recent 7 months, 1 week ago
Going with A, odd there's no voting comments available.
upvoted 2 times
FrancisDrake
10 months ago
I would think that the answer is A. The scenario stipulates no direct connection between networks.
upvoted 2 times
backdooranon
1 year ago
If you create multiple VLANs and then peer them together it does not fulfill "no direct connection between networks" condition
upvoted 1 times
Pongsathorn
1 year, 1 month ago
The correct option to comply with the security requirement of ensuring that production, QA, and development servers should not be able to communicate directly with each other in a public cloud environment is: **A.**
- Create separate virtual networks for production, QA, and development servers.
- Move the servers to the appropriate virtual network.
- Apply a network security group to each virtual network that denies all traffic except for the firewall.
upvoted 1 times
Pongsathorn
1 year, 1 month ago
Here's why:
- Creating separate virtual networks for each server group isolates them from each other, meeting the requirement for no direct communication.
- Moving servers to their respective virtual networks ensures they are in the correct network segment.
- Applying network security groups (NSGs) to each virtual network to deny all traffic except for the firewall enforces the desired isolation while allowing traffic to pass through the firewall for necessary communication.
Option B suggests peering the networks together, which would enable communication between them, violating the security requirement. Option C, while suggesting separate virtual networks, also suggests peering them, which again would allow communication between them, not meeting the requirement. Option D suggests peering networks together and creating static routes, which is not necessary and doesn't guarantee isolation as required.
upvoted 1 times
maelo
1 year, 1 month ago
Answer should be A. Candidate B suggests network security groups + peering. I see no multiple networks created, just security groups. A allows strict traffic management.
upvoted 1 times
AustinKelleyNet
1 year, 9 months ago
Gotta be A
upvoted 1 times
[Removed]
1 year, 9 months ago
Answer is D. Separate networks for Prod, Dev n QA. Peer all these networks. Defining a route will override the system route and will force traffic to move via FW. #HubNspoke connectivity.. :)
upvoted 1 times
CapJackSparrow
1 year, 9 months ago
Hub-and-spoke VPC design, with separate Production, Development, and Research spoke VPCs connected to a central "hub" VPC.
Peering
Peering connects two or more virtual networks. The virtual networks appear to consumers as a single network. In addition, fast connectivity is provided between the two networks, making data and resource access very efficient. Peering is used in the hub-and-spoke model to connect the spoke networks with the hub network. Note that the spoke networks are not peered to each other in the hub-and-spoke model.
upvoted 1 times
scott5010
1 year, 11 months ago
answer is B, all traffic MUST pass through the firewall and peering to create a hub spoke network
upvoted 2 times
ryanzou
2 years, 1 month ago
A is the answer
upvoted 1 times
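
The rule evaluation the comments above argue about, as an added example that is not part of the original thread: a minimal model of priority-ordered NSG evaluation for inbound traffic to a production server. It assumes Azure-style default inbound rules (AllowVnetInBound at 65000, DenyAllInBound at 65500), a constructed address plan and firewall IP, and that traffic forwarded by the firewall arrives with the firewall's address as its source.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    source: str     # CIDR, "*", or the "VirtualNetwork" tag
    action: str     # "Allow" or "Deny"
    name: str

# Assumption: Azure-style default inbound rules (load balancer rule omitted).
DEFAULT_INBOUND = [
    Rule(65000, "VirtualNetwork", "Allow", "AllowVnetInBound"),
    Rule(65500, "*", "Deny", "DenyAllInBound"),
]

# Constructed address plan: hub holds the firewall, prod and QA are spokes.
HUB, PROD, QA = "10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"
FIREWALL_IP, QA_HOST = "10.0.0.4", "10.2.0.5"

# Option A's third step: allow only the firewall, deny everything else.
FIREWALL_ONLY = [
    Rule(100, FIREWALL_IP + "/32", "Allow", "AllowFirewall"),
    Rule(200, "*", "Deny", "DenyEverythingElse"),
]

def matches(rule, src_ip, vnet_tag):
    ip = ipaddress.ip_address(src_ip)
    if rule.source == "*":
        return True
    if rule.source == "VirtualNetwork":
        # The tag covers the local network plus any peered address space.
        return any(ip in ipaddress.ip_network(cidr) for cidr in vnet_tag)
    return ip in ipaddress.ip_network(rule.source)

def evaluate(custom_rules, src_ip, vnet_tag):
    """Return (action, rule name) for inbound traffic to a prod server."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if matches(rule, src_ip, vnet_tag):
            return rule.action, rule.name
    return "Deny", "NoMatch"  # unreachable while DenyAllInBound is present

if __name__ == "__main__":
    peered, isolated = [PROD, HUB, QA], [PROD]
    print("peered, defaults only  :", evaluate([], QA_HOST, peered))
    print("no peering, defaults   :", evaluate([], QA_HOST, isolated))
    print("peered, firewall-only  :", evaluate(FIREWALL_ONLY, QA_HOST, peered))
    print("firewall, firewall-only:", evaluate(FIREWALL_ONLY, FIREWALL_IP, peered))
```

The model covers NSG filtering only; whether a packet is routed to the firewall in the first place is decided by the route table, which is the UDR point raised in the thread.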
Community vote distribution: A (35%, Most Voted), C (25%), B (20%), Other