An organization is setting a website on the AWS VPC. The organization has blocked a few IPs to avoid a D-DOS attack. How can the organization configure that a request from the above mentioned IPs does not access the application instances?
A.
Create an IAM policy for VPC which has a condition to disallow traffic from that IP address.
B.
Configure a security group at the subnet level which denies traffic from the selected IP.
C.
Configure the security group with the EC2 instance which denies access from that IP address.
D.
Configure an ACL at the subnet which denies the traffic from that IP address.
Suggested Answer:D🗳️
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. Security group works at the instance level while ACL works at the subnet level. ACL allows both allow and deny rules. Thus, when the user wants to reject traffic from the selected IPs it is recommended to use ACL with subnets. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
amministrazione
8 months, 3 weeks agoSkyZeroZx
1 year, 10 months agoTechX
2 years, 10 months agoipindado2020
3 years, 6 months agomanoj101
3 years, 7 months ago