Free CompTIA CloudNetX CNX-001 Actual Exam Questions - Question 15 Discussion
application will be based on the end users' role. In addition, the host must be deployed on the
192.168.77.32/30 subnet. Which of the following Zero Trust elements are being implemented in this
design? (Choose two.)
A and C, since roles limit access and a small subnet hints at segmenting the network.
A imo, role-based access is all about least privilege. For the subnet part, C fits since restricting to a small subnet is a basic form of microsegmentation, even if not super detailed here.
It’s A and C. Role-based access is classic least privilege, no doubt. The fact that the app has to be on a specific /30 subnet restricts which devices can reach it, which is a form of network segmentation. Even if it’s basic, it still aligns with microsegmentation principles by limiting the attack surface through network controls. Other options like device trust or MFA aren’t mentioned, so they don’t fit here.
Maybe D and A here. The role-based access definitely fits least privilege since users only get what they need. Deploying on a specific subnet might hint at some control over network traffic, but it feels more like controlling access through a cloud app security broker (CASB) rather than just network segmentation. CASB can enforce policies based on user roles and apps. So, combining least privilege with CASB seems reasonable for these requirements.
It’s A and C for me too. Role-based access nails least privilege, and putting the app on a tiny subnet limits exposure, which matches microsegmentation principles. The subnet choice isn’t random here.
Option A for least privilege makes sense since user roles limit access, and option C fits because using that small subnet isolates traffic, which is basically microsegmentation in practice.
I think A (Least privilege) makes sense since access is based on user roles. Also, C (Microsegmentation) fits because deploying on a specific subnet isolates the app. What do you guys think?