Free CompTIA CloudNetX CNX-001 Actual Exam Questions - Question 13 Discussion
from certain locations. The network team configures a cloud firewall with WAF enabled, but users
can access the application globally. Which of the following should the network team do?
D. Since the goal is to limit access based on geographic location, geo-restriction is the most direct and effective method. WAF rules mainly handle threats and traffic patterns, not location-based blocking. NAT gateway or CDN won’t restrict where users connect from either, so they’re irrelevant here. Geo-restriction is designed for precisely this use case.
A/D? WAF rules might need tuning if geo blocks aren’t working as expected.
Probably D, since geo-restriction is meant for location-based access control.
The key point is blocking access by location, so just tweaking WAF rules (A) won’t cut it. Geo-restriction (D) is designed exactly for that purpose, so D seems like the way to go here.
A/D? The WAF is active but users still access globally, so just tweaking WAF rules (A) might not be enough if location restrictions aren’t in place. Geo-restriction (D) specifically blocks traffic by region, which fits the need here. NAT gateway (B) and CDN (C) don’t really control who accesses the app by location. So between A and D, D makes more sense since it directly targets geographic filtering.
Probably D. Geo-restriction’s exactly for limiting access by location.