Questions 16 to 18

Explanations for questions 16 to 18

Question 16

A company has experienced malicious traffic from some suspicious IP addresses. The security team discovered that the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

  1. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
  2. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
  3. Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.
  4. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.

Correct Answer: 3

Explanation: You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order, from the lowest-numbered rule to the highest, until they reach a matching allow or deny rule. The following table describes some of the differences between security groups and network ACLs:
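The rule ordering described above, as an added example that is not part of the original course material: a small Python model of inbound network ACL evaluation plus an audit check for deny entries that can never take effect. It matches on source CIDR only (real entries also match protocol and port); the `AclEntry` type, the rule numbers and the 203.0.113.0/24 range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:  # hypothetical type, CIDR-only simplification of a NACL entry
    rule_number: int
    cidr: str
    action: str  # "allow" or "deny"


def evaluate_inbound(entries, source_ip):
    """Lowest rule number first; the first entry that matches decides."""
    addr = ipaddress.ip_address(source_ip)
    for entry in sorted(entries, key=lambda e: e.rule_number):
        if addr in ipaddress.ip_network(entry.cidr):
            return entry.action, entry.rule_number
    return "deny", "*"  # final catch-all entry: unmatched traffic is denied


def shadowed_denies(entries):
    """Return (deny_rule, allow_rule) pairs where a lower-numbered allow
    covers the deny's whole CIDR, so the deny can never match."""
    ordered = sorted(entries, key=lambda e: e.rule_number)
    findings = []
    for i, entry in enumerate(ordered):
        if entry.action != "deny":
            continue
        net = ipaddress.ip_network(entry.cidr)
        for earlier in ordered[:i]:
            if earlier.action == "allow" and net.subnet_of(
                ipaddress.ip_network(earlier.cidr)
            ):
                findings.append((entry.rule_number, earlier.rule_number))
                break
    return findings


# Constructed sample data: documentation range stands in for the suspicious CIDR.
SUSPICIOUS_CIDR = "203.0.113.0/24"
ALLOW_ALL = AclEntry(100, "0.0.0.0/0", "allow")
deny_too_late = [ALLOW_ALL, AclEntry(200, SUSPICIOUS_CIDR, "deny")]
deny_first = [AclEntry(90, SUSPICIOUS_CIDR, "deny"), ALLOW_ALL]

if __name__ == "__main__":
    for name, acl in (("deny at 200", deny_too_late), ("deny at 90", deny_first)):
        print(name, evaluate_inbound(acl, "203.0.113.7"), shadowed_denies(acl))
```

With the deny entry numbered above the allow-all entry, traffic from the suspicious range is still allowed by rule 100, which is why the answer specifies a lower rule number.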
