Questions 16 to 18

Explanations for questions 16 to 18

We'll cover the following

Question 16
Question 17
Question 18

Question 16

A company has experienced malicious traffic from some suspicious IP addresses. The security team discovered that the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.
Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.

Correct Answer: 3

Explanation: You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order from the lowest to the highest-numbered rules until they reach and allow or deny. The following table describes some of the differences between security groups and network ACLs:

Level up your interview prep. Join Educative to access 70+ hands-on prep courses.

Introduction

Getting Started

Compute

Storage

AWS Database

Migration

Networking and Content Delivery

Management Tools

Media Services

Analytics

AWS Security, Identity, & Compliance

Application Integration

AWS Desktop & App Streaming

Wrapping Up

Practice Exam 1

Practice Exam 1 Explanations

Practice Exam 2

Practice Exam 2 Explanations

Practice Exam 3

Practice Exam 3 Explanations

Practice Exam 4

Practice Exam 4 Explanations

Practice Exam 5

Practice Exam 5 Explanations

Practice Exam 6

Practice Exam 6 Explanations

Questions 16 to 18

Question 16