Questions 16 to 18
Explanations for questions 16 to 18
Question 16
A company has experienced malicious traffic from some suspicious IP addresses. The security team discovered that the requests are from different IP addresses under the same CIDR range.
What should a solutions architect recommend to the team?
- Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
- Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
- Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.
- Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.
Correct Answer: 3
Explanation: You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order, from the lowest-numbered rule to the highest, until they reach a matching allow or deny rule. The following table describes some of the differences between security groups and network ACLs:
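The rule-ordering behaviour in the explanation above can be checked with a small first-match evaluator. This is an added example, not part of the original course material; the rule numbers, the `203.0.113.0/24` range and the `evaluate` helper are constructed for illustration, and matching is simplified to source CIDR only (real network ACL entries also match on protocol and port).

```python
import ipaddress

def evaluate(rules, source_ip):
    """Model inbound network ACL evaluation for one source address.

    rules: list of (rule_number, cidr, action) tuples (hypothetical format).
    Rules are checked from the lowest number upward and the first match wins.
    If nothing matches, the implicit '*' rule denies the traffic.
    """
    addr = ipaddress.ip_address(source_ip)
    for number, cidr, action in sorted(rules, key=lambda r: r[0]):
        if addr in ipaddress.ip_network(cidr):
            return action, number
    return "deny", "*"

# Constructed sample data: a typical "allow everything" rule at 100 and a
# suspicious range taken from the documentation address space.
ALLOW_ALL = (100, "0.0.0.0/0", "allow")
SUSPICIOUS_CIDR = "203.0.113.0/24"

# Deny rule numbered below the allow rule: evaluated first, so it blocks.
DENY_BEFORE_ALLOW = [ALLOW_ALL, (90, SUSPICIOUS_CIDR, "deny")]

# Deny rule numbered above the allow rule: never reached, traffic still passes.
DENY_AFTER_ALLOW = [ALLOW_ALL, (110, SUSPICIOUS_CIDR, "deny")]

if __name__ == "__main__":
    for label, rules in (("deny at 90", DENY_BEFORE_ALLOW),
                         ("deny at 110", DENY_AFTER_ALLOW)):
        for ip in ("203.0.113.45", "198.51.100.7"):
            action, matched = evaluate(rules, ip)
            print(f"{label}: {ip} -> {action} (rule {matched})")
```

The second rule set is the misconfiguration to look for when auditing: a deny entry that exists but sits behind a broader allow has no effect.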