Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CNX-001

CompTIA CNX-001 Exam Questions
CompTIA CloudNetX (Page 6 )

Updated On: 20-Mar-2026
Page 3 of 18
PDF with 84 Questions

A company hosts a cloud-based e-commerce application and only wants the application accessed from certain locations. The network team configures a cloud firewall with WAF enabled, but users can access the application globally.
Which of the following should the network team do?

  1. Reconfigure WAF rules.
  2. Configure a NAT gateway.
  3. Implement a CDN.
  4. Configure geo-restriction.

Answer(s): D

Explanation:

Geo-restriction lets you block or allow traffic based on the requester's geographic region, preventing access from locations you haven't authorized.



A network architect must ensure only certain departments can access specific resources while on premises. Those same users cannot be allowed to access those resources once they have left campus.
Which of the following would ensure access is provided according to these requirements?

  1. Enabling MFA for only those users within the departments needing access
  2. Configuring geofencing with the IPs of the resources
  3. Configuring UEBA to monitor all access to those resources during non-business hours
  4. Implementing a PKI-based authentication system to ensure access

Answer(s): B

Explanation:

By defining an IP-based geofence around the on-premises network addresses where those resources reside, you ensure that only users connecting from inside the campus IP ranges can reach them. As soon as the same users leave that network (and thus fall outside the geofenced IP block), access is automatically denied.



A security architect needs to increase the security controls around computer hardware installations.
The requirements are:

Auditable access logs to computer rooms

Alerts for unauthorized access attempts

Remote visibility to the inside of computer rooms

Which of the following controls best meet these requirements? (Choose two.)

  1. Video surveillance
  2. NFC access cards
  3. Motion sensors
  4. Locks and keys
  5. Security patrols
  6. Automated lighting

Answer(s): A,B

Explanation:

Video surveillance provides continuous, remote visibility into computer rooms and can be integrated with analytics to generate alerts on unauthorized presence.

NFC access cards enforce controlled entry with a system that logs every card swipe and issues alerts on failed or out-of-hours attempts, giving you auditable access records and immediate notifications of any suspicious activity.



A network security engineer must secure a web application running on virtual machines in a public cloud. The virtual machines are behind an application load balancer.
Which of the following technologies should the engineer use to secure the virtual machines? (Choose two.)

  1. CDN
  2. DLP
  3. IDS
  4. WAF
  5. SIEM
  6. NSG

Answer(s): D,F

Explanation:

WAF: Protects the web application by inspecting incoming HTTP/HTTPS requests at the load balancer, blocking SQL injection, XSS, and other common web attacks.

NSG: Enforces network-layer controls on the VMs' subnets or interfaces, allowing only approved ports and IP ranges to reach the application servers.



A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster.
Which of the following describes the team's decision?

  1. Business continuity
  2. Disaster recovery
  3. Risk transference
  4. Memorandum of understanding

Answer(s): C

Explanation:

By purchasing an insurance policy, the company shifts the financial burden of rebuilding after a natural disaster to the insurer, which is the essence of risk transference.



Viewing page 6 of 18
Viewing questions 26 - 30 out of 84 questions



Post your Comments and Discuss CompTIA CNX-001 exam dumps with other Community members:

CNX-001 Exam Discussions & Posts

AI Tutor 👋 I’m here to help!