Amazon ANS-C01: AWS Certified Advanced Networking - Specialty Exam Question | Restrict SSH Access to Specific IP


Question

You have a set of EC2 Instances which are part of a public subnet in a VPC.

There is a requirement to ensure that administrators can only SSH from a workstation with an IP of 59.12.10.10.

Which of the following CIDR blocks should be added to the Inbound Rules for the Security Group to fulfil this requirement?

Answers

Explanations

A. B. C. D.

Answer - C.

Since we just want to specify one IP address, the /32 CIDR notation, which specifies a single IP address, should be added to the Security Group.

For more information on CIDR notation, please visit the below link:

https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

To restrict SSH access to the EC2 instances only from a specific IP address, you need to configure a security group associated with the instances to allow inbound SSH traffic only from the specified IP address.

The correct CIDR block to be added to the inbound rules of the security group is /32, which is option C. The CIDR block represents a single IP address, which in this case is 59.12.10.10.

Option A (/28) represents a range of IP addresses rather than the single specified address, and would allow access from the other IPs in that range as well.

Option B (/16) is an even larger range of IP addresses that would allow SSH access from any IP address within the same /16 network as 59.12.10.10. This is not a suitable option as it does not provide the required level of restriction.

Option D (/24) represents a smaller range than /16, but it would still allow access from any IP within the same /24 network as 59.12.10.10 and so includes other unwanted IP addresses.

Therefore, option C is the correct answer, as it specifies the exact IP address that should be allowed access via SSH.
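
The comparison above can be checked mechanically. The following is an added example, not part of the original question or answer: it computes how many addresses each prefix length admits around 59.12.10.10 and audits a rule list for SSH rules wider than the workstation's /32. The function names and sample rules are constructed for illustration; the rule dictionaries follow the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`.

```python
import ipaddress

ADMIN_IP = ipaddress.ip_address("59.12.10.10")  # workstation IP from the question
SSH_PORT = 22

def exposure(prefix_len, ip=ADMIN_IP):
    """Return (network, address count) of the block with this prefix length containing ip."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    return net, net.num_addresses

def covers_ssh(perm):
    """True if one IpPermissions entry allows TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def audit_ssh_rules(ip_permissions, allowed=ADMIN_IP):
    """Return (cidr, extra_addresses) for SSH rules wider than allowed/32."""
    # Only IPv4 IpRanges are checked; Ipv6Ranges and group references are out of scope here.
    findings = []
    for perm in ip_permissions:
        if not covers_ssh(perm):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.num_addresses == 1 and allowed in net:
                continue  # exactly the workstation: the intended rule
            extra = net.num_addresses - (1 if allowed in net else 0)
            findings.append((rng["CidrIp"], extra))
    return findings

# Constructed sample rules (not taken from any real account).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "59.12.10.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "59.12.10.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": [{"CidrIp": "59.12.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for prefix in (32, 28, 24, 16):
        net, count = exposure(prefix)
        print(f"/{prefix}: {net} admits {count} address(es)")
    for cidr, extra in audit_ssh_rules(SAMPLE_RULES):
        print(f"too broad for SSH: {cidr} ({extra} unintended addresses)")
```

The third sample rule shows a case the prefix length alone does not reveal: a port range that merely includes 22 exposes SSH just as a dedicated port-22 rule does.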