Which of the following services would restrict connectivity - CompTIA CLO-002

Correct Answer: A. Security lists

Security lists are specifically designed for cloud environments to restrict or allow connectivity by applying ingress (incoming) and egress (outgoing) rules. They are tightly integrated into cloud platforms and allow granular control over access to resources.

• Why it's correct:
  Security lists directly manage traffic restrictions to cloud resources. They operate at the subnet or virtual machine (VM) level in cloud environments. Rules can block or permit traffic based on IP addresses, port numbers, and protocols.
  • For example, a security list in Oracle Cloud Infrastructure (OCI) might allow HTTP traffic (port 80) from the internet but block all other access.

Why others are incorrect

Firewall (Incorrect)

Firewalls are broader in scope compared to security lists. While they also control traffic, firewalls are generally applied at a network perimeter or between systems, often requiring additional configuration in cloud setups.

• Why it's incorrect:
  Firewalls are not exclusive to cloud environments and often serve as an external security layer. While they can restrict connectivity, they are not specifically integrated with cloud resources like security lists. Additionally, they are more suited to complex scenarios such as protecting entire networks.

VPN (Virtual Private Network) (Incorrect)

A VPN provides secure connectivity between devices or networks by creating an encrypted tunnel over public networks. Its primary role is to ensure data security and confidentiality during transmission.

• Why it's incorrect:
  VPNs enable connectivity and secure data transfer, but they do not restrict or manage traffic. For example, a VPN can allow a remote worker to securely connect to a cloud network, but it won't control which specific services or ports can be accessed.

Intrusion Detection System (IDS) (Incorrect)

An IDS is a monitoring tool that analyzes network traffic to identify potential threats or malicious activity. It provides alerts but does not actively block or allow traffic.

• Why it's incorrect:
  IDS systems are passive tools. While they help detect suspicious activity, they do not restrict connectivity. For example, an IDS might detect a brute-force login attempt on a cloud server and send an alert, but it won’t prevent the attempt itself.