Exam CV0-003 topic 1 question 220 discussion

I feel like this would have to be B, not A. A removes access to one of them, not add access for the remaining person needing it.

B. Add an inbound rule to use the IP address for the company's main office as a source. Why this works: By adding an inbound rule that allows SSH access from the company's main office IP address, both the administrator (working remotely) and the internal developer (likely working from the office) can securely access the server. This ensures secure access for both parties without overly broad permissions, like allowing all IPs (0.0.0.0/0), which would pose a security risk.

C. Modify the inbound rule to allow the company’s external IP address as a source. Explanation: Currently, the administrator has modified the rule to set the source to "My IP," which means only the administrator's IP address is allowed for inbound connections. This resulted in the internal developer encountering a connection timeout error when attempting to log in via SSH. By modifying the inbound rule to allow the company’s external IP address as a source, both the administrator and the internal developer can access the server from their respective locations. This option ensures that both the administrator and the developer can connect to the server while maintaining the security restriction of allowing access only from the company's external IP address.

Since the error occurred after the administrator modified the rule to restrict SSH access to "My IP," it's likely that the developer's IP address is not included in the allowed sources. Since the administrator already has a rule that allows their IP address, an additional inbound rule needs to be added for the developer. Adding an inbound rule with the IP address of the company's main office as the source would ensure that both the developer (who is internal to the organiztion) and the administrator (who is working remotely) can access the server. ANSWER IS NOT C bcoz: Without explicit information about the developer's external IP address, it would be inaccurate to assume that it is the same as the company's external IP address. THE QUESTION DOES NOT STATE that the company's external IP address is the developers address.

B. There are 2 people in different locations. Each one needs an inbound rule to allow their traffic from their different IPs. The admin already has his rule, you need to ADD an inbound rule for the developer (and every other dev and admin at the office).

C. Modify the inbound rule to allow the company’s external IP address as a source is the BEST option for both the developer and the administrator to access the server from their locations. Here's why: The security group rule was initially set to allow SSH traffic from the administrator's current IP address (My IP). When the administrator modifies the rule to set the source to "My IP," it restricts SSH access to only the administrator's IP address. This change caused the developer to be unable to connect. To allow both the developer and the administrator to access the server from their respective locations, the inbound rule should be modified to include the external IP address of the company. This change will permit SSH access from both their locations, maintaining security while allowing authorized access.

It's inbound connection

The SSH server needs an inbound rule to be accessed, not outbound (A). Agree to concepcionz and mattygster, as earlier test showed the rule working OK in priniciple, but needs tweaking.

Im also going with C as it modifies the existing inbound rule to allow access from the company's external IP address range, which includes both the administrator and the INTERNAL developer's IP addresses.

I am leaning to C, the internal Dev is unable to log into the server using SSH, but the Administrator can. So there is a pre-existing rule that works. B would add an additional rule while C would modify the pre-exisiting rule. keep it simple and have only the ACLs you need rather than multiple that overlap and do the same purpose.