Valid Managing-Cloud-Security Dumps shared by EduDump.com for Helping Passing Managing-Cloud-Security Exam! EduDump.com now offer the newest Managing-Cloud-Security exam dumps, the EduDump.com Managing-Cloud-Security exam questions have been updated and answers have been corrected get the newest EduDump.com Managing-Cloud-Security dumps with Test Engine here:
An engineer needs to create segmentation using the built-in tools provided by the company's cloud provider. The InfoSec team has given the engineer directions to limit traffic using a security group between two cloud deployments in the organization. Which mechanisms should the engineer use to create this segmentation?
Correct Answer: B
Cloud security groups typically filter traffic based on ports and protocols. By allowing or denying specific port/protocol combinations, engineers can control communication between deployments. For example, permitting HTTPS (TCP port 443) while blocking other ports enforces segmentation. MAC addresses are not used in cloud-level segmentation because they apply to physical networks. Unique identifiers and definitions are not practical mechanisms for traffic filtering. Using ports and protocols aligns with the principle of least privilege by ensuring that only necessary communication pathways exist. In multi-deployment or hybrid cloud setups, this reduces the attack surface and prevents lateral movement by malicious actors. Security groups thereby provide logical network segmentation without requiring physical infrastructure changes.