CompTIA Network+ Practice Test for Subdomain 1.3 #01

Your organization is migrating its legacy data center workloads to a cloud provider, and the network architect is leading a project to replace physical network appliances such as firewalls, load balancers, and WAN optimizers with software-based equivalents running on standard virtualized servers. This approach eliminates the dependency on proprietary hardware by decoupling network functions from the dedicated physical devices that have traditionally hosted them. The architect explains that this strategy is consistent with a modern networking framework that has seen widespread adoption in both cloud environments and carrier-grade service provider networks. What is the term for the architecture that decouples network functions from dedicated hardware and runs them as software on general-purpose virtualized infrastructure?

A cloud infrastructure engineer at a financial institution is setting up a new environment in a public cloud provider and needs to create an isolated, logically partitioned section of the cloud where the company can deploy virtual machines, databases, and application servers with full control over IP address ranges, route tables, subnets, and inbound and outbound access rules. The environment must behave similarly to a traditional on-premises private network but be hosted entirely within the public cloud provider's global infrastructure. The engineer is asked to identify the correct cloud networking construct before proceeding with the initial deployment. Which cloud networking construct provides a logically isolated, customer-controlled private network environment within a public cloud provider's infrastructure?

A cloud administrator at a retail company is configuring access controls for a group of virtual machine instances running a web application tier in a public cloud environment. The administrator needs to apply stateful inbound and outbound traffic rules associated directly with these specific VM instances to control which ports and protocols are permitted, functioning much like a virtual firewall at the instance level. The cloud provider's documentation indicates that this feature can be associated with multiple instances, updated centrally, and that return traffic is automatically permitted without requiring an explicit rule because the mechanism tracks connection state. Which cloud security mechanism functions as a stateful, instance-level virtual firewall that controls inbound and outbound traffic for cloud compute resources?

A cloud network engineer is reviewing the access control architecture for a virtual network segment and notices that one layer of traffic filtering is applied at the subnet level rather than at individual instance level. This subnet-level control evaluates rules in a numbered priority order and processes both inbound and outbound rules statelessly, meaning that return traffic for an allowed connection must be explicitly permitted by a corresponding rule in the opposite direction. The engineer's colleague explains that this type of access control object applies broadly to all resources within the subnet and is fundamentally different from instance-level security groups due to its stateless evaluation model. Which cloud network security construct operates at the subnet level, evaluates rules in numbered order, and is stateless, requiring explicit rules for both directions of traffic?

A cloud engineer is building a new three-tier application architecture inside a virtual private cloud and needs to enable the web-tier instances deployed in public subnets to both receive inbound HTTP and HTTPS connections from users on the internet and initiate outbound connections to fetch external software updates and third-party API responses. The engineer must attach a specific cloud networking component to the VPC and add a route in the public subnet's route table directing 0.0.0.0/0 traffic through it. Without this component in place, even instances assigned public IP addresses within the VPC have no functional path to or from the public internet. What is the name of the cloud networking component that enables full bidirectional internet connectivity for instances in a public subnet?

A cloud network engineer at a healthcare company has deployed a fleet of application servers in a private subnet within a virtual private cloud. These servers must be able to download OS patches and security updates from the internet and query external third-party APIs, but the organization's security policy strictly prohibits any inbound connections being initiated from the public internet directly toward these private instances. The engineer needs to configure a managed cloud component that allows the private instances to make outbound requests while ensuring their private IP addresses are not exposed to and not directly reachable from the internet. Which cloud networking component enables instances in a private subnet to initiate outbound-only connections to the internet while blocking inbound internet-initiated connections?

A network engineer at a manufacturing company needs to establish connectivity between the company's on-premises data center and a virtual private cloud hosted at a major cloud provider. The connection must be operational within hours using the organization's existing internet links, and all traffic traversing the connection must be encrypted to satisfy the company's data-in-transit security policy. The organization does not have the budget or timeline to procure a dedicated private circuit from a telecommunications provider, so the solution must use the public internet as its underlying transport while still providing confidentiality through encryption. Which cloud connectivity option creates an encrypted tunnel over the public internet to link an on-premises network securely to a cloud virtual private cloud?

The IT leadership at a media streaming company is concerned that their current cloud connectivity solution routes production traffic over the public internet, introducing unpredictable latency and bandwidth variability that degrades the company's video encoding pipeline performance. The CTO approves procurement of a dedicated private network circuit from a telecommunications provider that will connect the company's data center directly to the cloud provider's network edge, completely bypassing the public internet. This solution will provide consistent throughput, lower and more predictable latency, and will also help satisfy compliance requirements around data sovereignty and traffic isolation for certain regulated content types. Which cloud connectivity option provides a dedicated, private network connection between an on-premises data center and a cloud provider that does not traverse the public internet?

A solutions architect at a consulting firm is advising a client that wants to host their custom-built Python-based web application in the cloud without managing the underlying operating systems, patching servers, or configuring runtime environments. The client's development team simply wants to upload their application code and configuration, and have the cloud provider automatically handle the infrastructure layer, runtime, and middleware needed to run the application. The architect must identify which cloud service model aligns with this requirement so the correct cloud product category can be selected during the procurement process. Which cloud service model allows a developer to deploy and run custom application code without managing the underlying operating system, server hardware, or runtime infrastructure?

A senior cloud architect at a logistics company is reviewing the organization's cloud strategy and explains to a junior team member several key characteristics of cloud computing. The architect highlights a specific property that allows the platform to automatically and dynamically increase computing resources during the peak holiday shipping season — when order processing volumes surge tenfold — and then immediately release those excess resources back to the pool the moment demand subsides, ensuring the company pays only for what it actually uses in real time. The junior team member is asked to distinguish this property from related but distinct concepts such as the ability to serve many tenants on shared infrastructure, or simply the ability to grow a system to a larger capacity over time. Which cloud characteristic describes the ability to automatically and dynamically provision and release resources in real time in direct response to fluctuating workload demand?