You are working in a College as a Cloud Technical Advisor, and your college was maintaining all its data locally where they felt security and redundancy issues.
So, you suggested deploying the application in AWS and use a NoSQL database for their database.
While deploying the servers in AWS, the team needs your suggestion for creating newSecurity Groups.
Can you select which of the following Option given by the team is true? (Select 2)
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - B and C.
Option A is incorrect because the Security Group supports allow rules only.
To deny rules, Network ACLs should be used.
Option B is CORRECT because, by default, custom SG has no Inbound rules.
Option C is CORRECT because, by default, all Outgoing Traffic is allowed in the custom Security Group.
Option D is incorrect because the security group works at the instance level, hence not the first security level.The first level is NACL to the subnet, and SG is to the instance.
Refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.htmlSure, I'll be happy to provide a detailed explanation.
As a Cloud Technical Advisor, you suggested deploying the application in AWS and use a NoSQL database for their database. Now the team needs your suggestion for creating new Security Groups.
Security Groups in AWS are virtual firewalls that control inbound and outbound traffic for instances. Security groups act as the first line of defense in protecting instances from malicious traffic. They act as a virtual firewall for instances, controlling inbound and outbound traffic.
Now let's take a look at the given options:
A. Security Group supports "allow rules" and "deny rules": This option is true. Security groups allow you to specify both "allow rules" and "deny rules". These rules control which traffic is allowed to enter or leave the instances associated with the security group. You can specify both the source and destination of the traffic as well as the protocol and port numbers.
B. The default rules in a security group disallows all incoming traffic: This option is false. By default, when you create a new security group, all inbound traffic is blocked, but all outbound traffic is allowed. You can, however, modify the default rules to allow specific types of inbound traffic.
C. By default, outbound traffic is allowed: This option is true. By default, all outbound traffic is allowed from instances associated with a security group. You can create rules to restrict outbound traffic, but it's not recommended.
D. Security Group is the first layer of security: This option is true. Security groups act as the first line of defense in protecting instances from malicious traffic. They act as a virtual firewall for instances, controlling inbound and outbound traffic.
In summary, options A and C are true, and options B and D are also true.