Question 186 of 340 from exam SOA-C02: AWS Certified SysOps Administrator

Question 186 of 340 from exam SOA-C02: AWS Certified SysOps Administrator - Associate

Prev Question Next Question

Question

One of your Systems Administrators has defined the following NACL's rules for a subnet. A rule is added to the security group for allowing incoming traffic on port 80 from anywhere to the EC2 Instance.

Which of the following is TRUE based on the above settings?

Summary Inbound Rules Outbound Rules Subnet Associations Tags

Allows inbound traffic. Because network ACLs are stateless, you must create inbound and outbound rules.

ER Q Save Successful

View: — All rules v
Rule # Type Protocol PortRange Source Allow/ Deny
100 ALL Traffic ALL ALL 0.0.0.0/0 DENY
105 HTTP (80) TCP (6) 80 0.0.0.0/0 ALLOW

ALL Traffic ALL ALL 0.0.0.0/0 DENY

Answers

A. A request from a workstation on the Internet with IP address 52.10.1.2 will be allowed onto the EC2 Instance on port 80.

B. All traffic on all ports will be denied flow into the subnet.

C. There will be an error in setting the rules for the Security Group rules due to the clash in rules.

D. All traffic out of the subnet will be denied.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B.

In the above screenshot, Rule number 100 will be evaluated first.

Hence all traffic will be denied into the subnet.

Option A is incorrect since, by default, Rule 100 will be evaluated first.

Hence all traffic will be denied into the subnet.

Option C is incorrect since the settings for the NACL and the Security Groups are separate.

Option D is incorrect since we don't know the Outbound rules to decide on this statement.

For more information on Network Access Control Lists, please refer to the below URL-

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Prev Question Next Question