Free CompTIA CloudNetX CNX-001 Actual Exam Questions - Question 10 Discussion

D is not needed because blocking outbound traffic to everywhere isn’t required here. A for allowing specific server access inside the cloud and C for denying external inbound traffic makes the most sense.

A/C? A is necessary for access between the servers. C denies all inbound traffic from outside, which fits the requirement to block external inbound traffic without messing with internal flows.

A definitely. Also C, since it blocks any inbound traffic that’s not from the internal subnet, keeping external access off. F seems too broad and might block needed internal comms.

Maybe A and F. A allows the specific internal traffic needed, and F blocks traffic from the internal subnet going outside, tightening control without opening external access.

F imo fits better than C because it specifically denies traffic from the internal subnet to anywhere else, which adds an extra layer of control. A's definitely needed to allow Server A to reach Server B.

A imo because we definitely need to allow that specific traffic from Server A to Server B. For the second, C also fits since it specifically blocks all inbound traffic from outside the 10.2.0.0/16 range, which keeps external traffic out as required. Options B, D, E, and F are either too broad or allow external access, which goes against the question's condition of blocking inbound external traffic.

Option A makes sense because Server A needs explicit permission to access Server B. Then, something that blocks all external inbound traffic is needed, so Option C fits since it denies any outside IPs from accessing the 10.2.0.0/16 range. The firewall options seem too broad or don’t target internal vs external clearly, and allowing everything (Option B or E) would go against the requirement to block external inbound traffic. The deny in F targets internal to external, so less relevant here. Would be curious if anyone thinks the firewall rules add anything important beyond NSG rules in this cas