Enhance your understanding of cloud network security with this quiz covering Virtual Private Clouds (VPCs), firewalls, and gateways. Evaluate your skills on key security principles, isolation techniques, and access controls to protect cloud-based infrastructures.
Which feature of a Virtual Private Cloud (VPC) ensures that different workloads remain logically separated from each other within the same cloud environment?
Explanation: Network segmentation divides a VPC into isolated subnets, allowing for secure separation of workloads and control over traffic flows. Traffic mirroring is used for network monitoring, not isolation. Public routing exposes resources to the internet, which may reduce isolation. Resource tagging helps organize resources but does not provide logical separation between workloads.
In a cloud environment, which statement best describes the main purpose of inbound firewall rules applied to a subnet?
Explanation: Inbound firewall rules are designed to control which types of incoming traffic are allowed to reach resources, thus helping to prevent unauthorized access. Assigning unique IP addresses is a function of network addressing, not firewall rules. Capturing outgoing traffic pertains to traffic analysis tools. Disk performance is unrelated to firewall configuration.
What is a common purpose of configuring a network gateway within a cloud VPC, such as when connecting private subnets to the internet?
Explanation: A gateway serves as a managed interface, controlling and securing the flow of data between private cloud resources and external networks. Automatic encryption of data at rest is a storage feature, not a gateway function. Gateways do not prevent route propagation; that is handled by routing configurations. Synchronizing time is managed by time services, not gateways.
When considering firewalls in cloud networking, what is a key difference between stateful and stateless firewall rules?
Explanation: Stateful firewalls maintain session information and automatically permit response traffic for established sessions. Stateless firewalls do not track the state of connections and apply rules to each packet individually. Neither firewall type is responsible for encryption by default, nor do they assign network addresses. Both types can function in public or private networks.
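The explanation above is easier to see with a small simulation. The following is an added example (not part of the original quiz) that models a stateless filter and a stateful filter over the same constructed rule set: inbound traffic is allowed only to the web server on port 443, outbound traffic is allowed freely. The host addresses, ports and session-tracking logic are assumptions chosen for illustration, not any cloud provider's implementation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" or "out" relative to the protected subnet


# Constructed inbound allow-list: (destination address, destination port).
# Only HTTPS to the web server is permitted from outside.
INBOUND_ALLOW = {("10.0.1.10", 443)}


def stateless_decision(pkt: Packet) -> str:
    """Stateless rule: every packet is judged on its own header fields."""
    if pkt.direction == "out":
        return "allow"
    return "allow" if (pkt.dst, pkt.dport) in INBOUND_ALLOW else "deny"


class StatefulFilter:
    """Stateful rule: remembers outbound flows and admits their replies."""

    def __init__(self) -> None:
        # Tracked flows keyed by (src, sport, dst, dport) of the outbound packet.
        self.sessions: set[tuple[str, int, str, int]] = set()

    def decision(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # An inbound packet whose reversed 4-tuple matches a tracked flow is a reply.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow"
        return "allow" if (pkt.dst, pkt.dport) in INBOUND_ALLOW else "deny"


def run_scenario() -> dict[str, str]:
    """Replay a constructed three-packet scenario through both filters."""
    # 1. Internal host opens an HTTPS connection to an external service.
    request = Packet("10.0.1.20", 51234, "203.0.113.5", 443, "out")
    # 2. The external service replies to the host's ephemeral port.
    reply = Packet("203.0.113.5", 443, "10.0.1.20", 51234, "in")
    # 3. An unrelated external host sends an unsolicited packet to the same port.
    unsolicited = Packet("198.51.100.9", 443, "10.0.1.20", 51234, "in")

    stateful = StatefulFilter()
    results = {}
    for name, pkt in (("request", request), ("reply", reply), ("unsolicited", unsolicited)):
        results[f"stateless_{name}"] = stateless_decision(pkt)
        results[f"stateful_{name}"] = stateful.decision(pkt)
    return results


if __name__ == "__main__":
    for key, verdict in run_scenario().items():
        print(f"{key:22s} {verdict}")
```

The stateless filter drops the legitimate reply because port 51234 is not on the allow-list, so a stateless rule set needs an explicit inbound rule for the ephemeral port range. The stateful filter admits the reply because it saw the outbound request, yet still denies the unsolicited packet to the same port, which is the practical difference the question is getting at.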
If a default route in a VPC’s route table directs all unknown traffic to an internet gateway, what is a potential security implication of this setup?
Explanation: Routing unknown traffic to an internet gateway can make internal resources accessible from outside sources, increasing the risk of external attacks if not properly controlled. This does not increase bandwidth, affect encryption mechanisms, or cause resource billing to pause. Proper firewall rules are essential to mitigate such potential exposure.
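The mitigation named above (a default route to an internet gateway must be paired with restrictive inbound firewall rules) can be turned into a simple audit. The following is an added example, not part of the original quiz and not a cloud provider's tool: it walks constructed route tables, subnet associations and inbound rules, and flags every subnet whose 0.0.0.0/0 route targets an internet gateway, listing any inbound rules on it that accept traffic from any source. The identifiers (rtb-, igw-, nat-, subnet-) and the data layout are assumptions for illustration.

```python
from typing import Dict, List

# Constructed inventory. A real audit would load this from the provider's API.
ROUTE_TABLES: Dict[str, List[dict]] = {
    "rtb-public":  [{"dest": "10.0.0.0/16", "target": "local"},
                    {"dest": "0.0.0.0/0",   "target": "igw-EXAMPLE"}],
    "rtb-private": [{"dest": "10.0.0.0/16", "target": "local"},
                    {"dest": "0.0.0.0/0",   "target": "nat-EXAMPLE"}],
}

# Subnet -> route table association.
ASSOCIATIONS: Dict[str, str] = {
    "subnet-web":     "rtb-public",
    "subnet-bastion": "rtb-public",
    "subnet-db":      "rtb-private",
}

# Inbound firewall rules per subnet (source CIDR, protocol, port).
INBOUND_RULES: Dict[str, List[dict]] = {
    "subnet-web":     [{"source": "0.0.0.0/0",   "proto": "tcp", "port": 443},
                       {"source": "0.0.0.0/0",   "proto": "tcp", "port": 22}],
    "subnet-bastion": [{"source": "10.0.0.0/8",  "proto": "tcp", "port": 22}],
    "subnet-db":      [{"source": "0.0.0.0/0",   "proto": "tcp", "port": 5432}],
}


def has_igw_default_route(routes: List[dict]) -> bool:
    """True if the catch-all route points at an internet gateway."""
    return any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-")
               for r in routes)


def audit_exposure(route_tables: Dict[str, List[dict]],
                   associations: Dict[str, str],
                   inbound_rules: Dict[str, List[dict]]) -> List[dict]:
    """Report subnets that are internet-routable and what their firewall lets in.

    A subnet behind a NAT-only default route is not reported even if its
    inbound rules are permissive, because unknown external traffic cannot
    reach it through the route table in the first place.
    """
    findings = []
    for subnet, rt_id in associations.items():
        if not has_igw_default_route(route_tables[rt_id]):
            continue
        open_rules = [(r["proto"], r["port"])
                      for r in inbound_rules.get(subnet, [])
                      if r["source"] == "0.0.0.0/0"]
        findings.append({"subnet": subnet,
                         "route_table": rt_id,
                         "open_inbound": open_rules})
    return findings


if __name__ == "__main__":
    for f in audit_exposure(ROUTE_TABLES, ASSOCIATIONS, INBOUND_RULES):
        status = "OPEN" if f["open_inbound"] else "restricted"
        print(f"{f['subnet']:16s} via {f['route_table']:12s} {status} {f['open_inbound']}")
```

In the constructed data, subnet-web is internet-routable and also accepts SSH and HTTPS from anywhere, which is the combination the explanation warns about; subnet-bastion shares the same route table but its inbound rules are limited to an internal range, so it is reported as routable but restricted. Whether a resource on a routable subnet is actually reachable also depends on it having a public address, so treat the report as a list of subnets to review rather than a definitive exposure verdict.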