Exam AWS Certified Solutions Architect - Professional topic 1 question 304 discussion

A user has configured two security groups which allow traffic as given below:

  1. SecGrp1:
     • Inbound on port 80 for 0.0.0.0/0
     • Inbound on port 22 for 0.0.0.0/0
  2. SecGrp2:
     • Inbound on port 22 for 10.10.10.1/32

If both security groups are associated with the same instance, which of the statements below is true?

  • A. It is not possible to have more than one security group assigned to a single instance
  • B. It is not possible to create the security group with conflicting rules. AWS will reject the request
  • C. It allows inbound traffic for everyone on both ports 22 and 80
  • D. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80
Suggested Answer: C

A user can attach more than one security group to a single EC2 instance. In this case, the rules from each security group are aggregated into one effective set of rules, and AWS evaluates that combined set to decide whether to allow inbound traffic. Security group rules are allow-only, so the narrower port 22 rule for 10.10.10.1/32 in SecGrp2 does not restrict the 0.0.0.0/0 rule for port 22 in SecGrp1; the merged set opens both port 22 and port 80 to everyone.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
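The aggregation described in the suggested answer (and the "most permissive rule wins" behaviour quoted from the EC2 documentation in the comments) can be modelled in a few lines. The following is an added example written for this page, not code from AWS or from the exam; the `Rule` class and the two helper functions are a constructed model of how EC2 evaluates inbound traffic, and the rule sets are the ones given in the question. It also includes a small defender-side check that reports which ports the merged rule set exposes to the whole internet, which is the question's real security point.

```python
"""Model of EC2 security group evaluation for an instance with several
groups attached: all rules from all attached groups are aggregated into
one allow-list, and inbound traffic is permitted if ANY rule matches.
Rules are permissive only; there is no deny rule that could narrow an
allow from another group.

Added example with a constructed data model; not AWS code.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Set


@dataclass(frozen=True)
class Rule:
    """One inbound security group rule (constructed model, not the boto3 shape)."""
    protocol: str      # e.g. "tcp"
    from_port: int     # start of the port range (inclusive)
    to_port: int       # end of the port range (inclusive)
    cidr: str          # source CIDR, e.g. "0.0.0.0/0" or "10.10.10.1/32"

    def matches(self, protocol: str, port: int, src_ip: str) -> bool:
        """True if this rule allows `protocol`/`port` from `src_ip`."""
        if self.protocol != protocol or not self.from_port <= port <= self.to_port:
            return False
        # ipaddress handles the IPv4/IPv6 mismatch case by returning False.
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.cidr, strict=False)


def aggregate(groups: Iterable[Iterable[Rule]]) -> Set[Rule]:
    """Union of every rule in every attached group: the set EC2 actually evaluates."""
    merged: Set[Rule] = set()
    for group in groups:
        merged.update(group)
    return merged


def inbound_allowed(groups: Iterable[Iterable[Rule]], protocol: str, port: int, src_ip: str) -> bool:
    """Traffic is allowed if any rule in the aggregated set permits it."""
    return any(rule.matches(protocol, port, src_ip) for rule in aggregate(groups))


def world_open_ports(groups: Iterable[Iterable[Rule]], protocol: str = "tcp") -> Set[int]:
    """Defender check: ports the merged rule set exposes to 0.0.0.0/0 or ::/0.

    Port ranges are expanded to individual ports, which is fine for the
    narrow ranges in this example.
    """
    exposed: Set[int] = set()
    for rule in aggregate(groups):
        if rule.protocol == protocol and rule.cidr in ("0.0.0.0/0", "::/0"):
            exposed.update(range(rule.from_port, rule.to_port + 1))
    return exposed


# The two security groups from the question.
SEC_GRP_1 = [Rule("tcp", 80, 80, "0.0.0.0/0"), Rule("tcp", 22, 22, "0.0.0.0/0")]
SEC_GRP_2 = [Rule("tcp", 22, 22, "10.10.10.1/32")]

if __name__ == "__main__":
    both = [SEC_GRP_1, SEC_GRP_2]
    # 203.0.113.5 is a constructed documentation-range address, not 10.10.10.1.
    print("SSH from 203.0.113.5 with both groups:", inbound_allowed(both, "tcp", 22, "203.0.113.5"))
    print("SSH from 203.0.113.5 with SecGrp2 only:", inbound_allowed([SEC_GRP_2], "tcp", 22, "203.0.113.5"))
    print("Ports open to the world with both groups:", sorted(world_open_ports(both)))
```

With both groups attached, SSH from an arbitrary address is allowed because SecGrp1's 0.0.0.0/0 rule is in the merged set; SecGrp2's /32 rule never narrows it. If the intent was to limit SSH to 10.10.10.1, the fix is to remove the port 22 rule from SecGrp1 (or not attach SecGrp1 at all), not to add a more restrictive group. The `world_open_ports` helper is the kind of check a reviewer would run over an instance's effective rules before trusting a "restricted" group.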

Comments

cldy
3 years, 6 months ago
C. It allows inbound traffic for everyone on both ports 22 and 80
upvoted 1 times
aimar047
3 years, 7 months ago
clearly C
upvoted 1 times
SlinkySideWinder
3 years, 7 months ago
C also, Security group rules are always permissive; you can't create rules that deny access.
upvoted 1 times
SamuelK
3 years, 8 months ago
C is the right answer. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html If there is more than one rule for a specific port, we apply the most permissive rule. For example, if you have a rule that allows access to TCP port 22 (SSH) from IP address 203.0.113.1 and another rule that allows access to TCP port 22 from everyone, everyone has access to TCP port 22.
upvoted 3 times
Gorha
3 years, 7 months ago
correct, thanks for posting!
upvoted 1 times
Gorha
3 years, 8 months ago
Yes D is correct: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html
upvoted 1 times
Gorha
3 years, 7 months ago
sorry, C is correct: the most permissive rule
upvoted 2 times
Danao
3 years, 8 months ago
C is correct.
upvoted 1 times
tan9
3 years, 8 months ago
D. If there is more than one rule for a SPECIFIC PORT, we apply the most permissive rule. For example, if you have a rule that allows access to TCP port 22 (SSH) from IP address 203.0.113.1 and another rule that allows access to TCP port 22 from everyone, everyone has access to TCP port 22. The rule on port 22 and the other on 80 should remain two separate rules in the merged rules set.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other