Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 91 discussion

A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.
What should a solutions architect recommend to the team?

  • A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
  • B. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
  • C. Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
  • D. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.
Suggested Answer: C

Comments

rob_724
Highly Voted 3 years, 8 months ago
Yep C. SG is not applicable here. And we are dealing with subnet level
upvoted 27 times
lavy
3 years, 8 months ago
You cannot deny traffic in a security group.
upvoted 45 times
aguy9
3 years, 7 months ago
I agree, the answer is C. Security groups are deny by default. Network ACLs by default allow everything outbound and everything inbound and you would create a deny rule with a lower number than all other rules so that it takes precedence.
upvoted 15 times
banjojoe
3 years, 7 months ago
The default NACL allows all traffic by default, but newly created NACLs deny all traffic by default. But the answer is still C.
upvoted 2 times
...
Paitan
Highly Voted 3 years, 8 months ago
Restrict at Network ACL level. So option C is the answer.
upvoted 13 times
...
reve666
Most Recent 3 years ago
Selected Answer: C
Ans is C
upvoted 1 times
...
craycomm
3 years, 7 months ago
Came up in my test today 22/09/2021
upvoted 2 times
Nkd
3 years, 7 months ago
I have my exam on the 27th of this month. What question range do I have to study from here?
upvoted 2 times
...
karthisena
3 years, 7 months ago
Explanation: You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order from the lowest numbered rules to the highest until they reach an allow or deny. The following table describes some of the differences between security groups and network ACLs
upvoted 5 times
...
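The rule-ordering point made in the comments above, as an added example that is not part of the original thread: a small Python model of inbound network ACL evaluation (lowest rule number first, first match wins, implicit deny at the end). The rule numbers and CIDR ranges are constructed sample values, and the model matches on source address only, ignoring protocol and port.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    number: int   # NACL rule number; lower numbers are evaluated first
    cidr: str     # source CIDR the rule matches
    action: str   # "allow" or "deny"


def evaluate_inbound(rules, source_ip):
    """Return (action, rule_number) for the first rule matching source_ip.

    Rules are checked in ascending rule-number order and evaluation stops
    at the first match. If nothing matches, the implicit final "*" rule
    denies the traffic.
    """
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr in ipaddress.ip_network(rule.cidr):
            return rule.action, rule.number
    return "deny", "*"


# Constructed sample data: 203.0.113.0/24 (a documentation range) stands in
# for the suspicious CIDR; the rule numbers are illustrative.
ALLOW_ALL = Rule(100, "0.0.0.0/0", "allow")
DENY_LOW = Rule(90, "203.0.113.0/24", "deny")    # evaluated before rule 100
DENY_HIGH = Rule(110, "203.0.113.0/24", "deny")  # shadowed by rule 100

if __name__ == "__main__":
    cases = [("deny at 90", [ALLOW_ALL, DENY_LOW]),
             ("deny at 110", [ALLOW_ALL, DENY_HIGH])]
    for label, rules in cases:
        for ip in ("203.0.113.45", "198.51.100.7"):
            print(label, ip, evaluate_inbound(rules, ip))
```

With the deny rule numbered above the broad allow rule, the allow matches first and the deny never takes effect, which is why option C specifies a lower rule number.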
IdrisAWS
3 years, 7 months ago
Security group only allow rules, NACL one mentioned explicit deny
upvoted 2 times
...
Abdullah777
3 years, 7 months ago
clearly C, it is in neal as well
upvoted 4 times
...
syu31svc
3 years, 7 months ago
C for correct
upvoted 2 times
...
KK_uniq
3 years, 7 months ago
C for sure. Network ACLs are the way to go
upvoted 1 times
...
mryala
3 years, 7 months ago
it's C
upvoted 1 times
...
Ankitrathi85
3 years, 7 months ago
C right
upvoted 1 times
...
AEN
3 years, 7 months ago
Ans is C
upvoted 2 times
...
Danny_Choi
3 years, 7 months ago
I would choose C
upvoted 1 times
...
Elias23
3 years, 7 months ago
CCCCCCCCCCC
upvoted 1 times
...
arunchu
3 years, 7 months ago
C is correct
upvoted 1 times
...
sflix
3 years, 7 months ago
C is correct
upvoted 1 times
...
youngoose
3 years, 7 months ago
should be C. NACL inbound
upvoted 1 times
...