Free COMPTIA Cloud+ CV0-004 Actual Exam Questions - Question 7 Discussion
only by a corporate VPN and not by direct public internet access. Which of the
following would achieve this objective?
B imo, since ACLs can enforce strict IP-based rules, blocking any requests not coming from the corporate VPN’s IP range. While a VPC defines the network boundary, it doesn’t automatically restrict access without specific configurations. ACLs give that granular control to deny direct public internet traffic effectively. WAF and SSH don’t really fit here since WAF is more about web app protection and SSH is just a protocol, not a network access control mechanism.
It’s B because ACLs can explicitly block traffic from outside the VPN IP range, which directly prevents public internet access regardless of VPC setup. That’s more precise than just relying on a VPC alone.
Option B could work here too. Network ACLs can be set up to deny any traffic coming from non-VPN IP ranges, effectively blocking direct internet access. While VPCs provide the architecture, ACLs enforce the actual traffic rules. SSH (D) is just a protocol, and WAF (A) focuses on web app threats rather than network-level access control, so those seem less relevant for this specific requirement.
C imo. VPCs let you set up private subnets and route all traffic through the corporate VPN, blocking direct public internet access. ACLs (B) control traffic but might not fully ensure access only via VPN, since they can be complex and less flexible. WAF (A) protects apps from attacks but won’t enforce VPN-only access. SSH (D) is just a protocol, doesn’t control network access by itself. So VPC is the best fit to isolate resources behind the VPN.
Maybe C here. Using a VPC can help isolate cloud resources and control access, so you could restrict access to only come through the corporate VPN. WAF (A) mainly protects apps from web attacks but doesn’t stop direct internet access by itself. ACLs (B) can filter traffic too but are less comprehensive than a VPC for the whole environment setup. SSH (D) is just a protocol, not really about network access control in this context. So, gonna say VPC fits better for limiting public internet exposure altogether.