A regulated analytics workload must run in the cloud with the strongest isolation from other customers, but the company does not want to manage its own physical server room. Which placement is most appropriate?

A public subnet with an internet gateway so the workload can be reached directly.

This is convenient for access, but it prioritizes exposure over tenant isolation and is not the strongest containment option.

A shared-tenancy virtual machine in the provider's default compute pool.

Shared tenancy is cost-effective, but it does not provide the strongest separation from other customers.

A serverless function because it removes all underlying infrastructure concerns.

Serverless abstracts infrastructure, but it is not the same as dedicated single-tenant placement for a regulated workload.

What does this SY0-701 question test?

CIDR notation defines the prefix length.

What is the correct answer to this question?

The correct answer is: A dedicated host or equivalent single-tenant compute placement in the provider's environment. — A dedicated host or equivalent single-tenant compute placement is the best choice when a workload needs the strongest practical isolation from other customers without the organization managing physical hardware. The cloud provider still runs the hardware, but the customer gets exclusive use of that host. This reduces tenant-sharing concerns and is often selected for compliance-driven workloads where separation matters more than cost efficiency. Why others are wrong: A exposes the workload unnecessarily and does not address tenant isolation. B is a normal cloud option, but shared tenancy is not the strongest isolation model. D may simplify operations, but serverless is a different service model and does not specifically provide the same single-host isolation as a dedicated placement option.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.