ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam ANS-C00 All Questions

View all questions & answers for the ANS-C00 exam
Go to Exam

Exam ANS-C00 topic 1 question 166 discussion

Exam question from Amazon's ANS-C00
Question #: 166
Topic #: 1
[All ANS-C00 Questions]

Your website is under attack and a malicious party is stealing large amounts of data. You have default NACL rules. Stopping the attack is the ONLY priority in this case. Which two commands should you use? (Choose two.)

  • A. aws ec2 delete-network-acl-entry -network-acl-id acl-5fb84d47 -ingress -rule-number 32768
  • B. aws ec2 delete-network-acl-entry -network-acl-id acl-5fb84d47 -egress rule-number 100
  • C. aws ec2 delete-network-acl-entry -network-acl-id acl-5fb84d47 -ingress rule-number 100
  • D. aws ec2 create-network-acl-entry -network-acl-id acl-5fb84d47 -ingress rule-number 100 -protocol -1 -port-range From =-1,To =-1 -cidr-block 0.0.0.0/0 -rule- action deny
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
You should remove the default allow rules in your NACL and a default deny will be the only rule left for inbound and outbound. If you attempt to create a rule number 100, it will encounter an error as there is already a rule 100.
by CloudArchitect at Nov. 20, 2020, 10:02 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CloudArchitect
Highly Voted 3 years, 8 months ago
B & C are correct.
upvoted 8 times
...
Marty2021
Most Recent 2 years, 11 months ago
Selected Answer: BC
B & C - Delete egress and ingress rules in default NACLs and final Deny rule in default NACLs will drop all traffic in and out of subnet.
upvoted 1 times
...
ChauPhan
3 years, 7 months ago
Default NACL Inbound and Outbound as below 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny So delete Inbound and Outbound rule 100 and let * (Default) to the Deny
upvoted 2 times
ChauPhan
3 years, 7 months ago
B & C are correct
upvoted 2 times
...
...
CloudArchitect
3 years, 8 months ago
C & D - first delete rule 100 and then create new rule 100 to block traffic.
upvoted 3 times
Paagee
3 years, 8 months ago
I just checked the default NACL from the AWS console. there is a deny all entry under rule 100 by default. Rule 100 is permit all. So we just need to remove rule 100 outbound/inbound then it will drop all packets. So D is not needed I think
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel