In FusionCompute, which of the following statements are false about security groups?

According to the Huawei HCIA-Cloud Computing documentation, security groups act as a distributed virtual firewall for Virtual Machines (VMs). Statement C is FALSE because FusionCompute allows a single Virtual Machine (or more specifically, a virtual NIC) to belong to multiple security groups simultaneously. This multi-group association allows for tiered security policies, such as having one security group for general web traffic and another for specific management access. When a VM belongs to multiple groups, the rules from all groups are aggregated to determine the final access control list.

Statement D is alsoFALSEbecause of the terminology regarding the "creation" location. In the FusionCompute architecture, security groups are logical objects created and managed within theVRM (Virtual Resource Management)portal, not "on the VMs" themselves. A security group exists independently of any specific VM; administrators create the group and define its rules first, and then they associate VMs with that group. Furthermore, users do not add rules "on VMs"; they add rules to the security group object in the management plane, which the system then automatically pushes to the corresponding CNA hosts where the VMs are running.

The other statements are technically accurate. Statement A is correct as Huawei’s security groups utilize the underlying LinuxiptablesorOVS (Open vSwitch)flow rules to filter packets at the hypervisor level. Statement B is also true; a VM's security group membership can be modified dynamically while the VM is in a running state without requiring a restart or causing a service interruption. This flexibility is a key feature of Huawei’s software-defined networking, allowing for real-time security adjustments in a dynamic cloud environment.

====================