Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 25 discussion

While securing the connection between a company’s VPC and its on-premises data center, a security engineer sent a ping command from an on-premises host (IP address 203.0.113.12) to an Amazon EC2 instance (IP address 172.31.16.139). The ping command did not return a response. The flow log in the VPC showed the following:

What action should be performed to allow the ping to work?

  • A. In the security group of the EC2 instance, allow inbound ICMP traffic.
  • B. In the security group of the EC2 instance, allow outbound ICMP traffic.
  • C. In the VPC’s NACL, allow inbound ICMP traffic.
  • D. In the VPC’s NACL, allow outbound ICMP traffic.
Suggested Answer: D

Comments

FunkyFresco
3 months, 2 weeks ago
Selected Answer: D
D is the right option.
upvoted 1 times
...
bkbaws
9 months, 1 week ago
Selected Answer: D
See https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-security-groups. The NACL is blocking the outbound response.
upvoted 2 times
...
i7ovemyself
9 months, 1 week ago
For a security group, the outbound rule is automatically allowed, as security groups are stateful. NACLs are stateless, so the answer will be D, as we need to allow the outbound rule in the VPC's NACL.
upvoted 3 times
...
Daniel76
1 year ago
Selected Answer: D
There are multiple possible causes. https://arcadian.cloud/aws/2022/07/01/4-reasons-you-cannot-ping-your-aws-ec2-instance-and-how-to-fix-them/ Based on the logs, only one direction is not successful. Likely it's #4 - NACL.
upvoted 1 times
...
Aamee
1 year ago
Selected Answer: D
It's the EC2 instance IP area from where the ping didn't get the response back to the on-prem location, which is clearly a use case of NACL area. Therefore, def. going with 'D'.
upvoted 1 times
...
Christina666
1 year ago
Selected Answer: D
NACLs are stateless and do not track the state of a connection, while Security Groups are stateful and allow traffic based on the response to previous traffic. Default rule: NACLs have a default rule that denies all traffic, while Security Groups have a default rule that allows all traffic.
upvoted 3 times
...
[Removed]
1 year, 1 month ago
Selected Answer: D
Answer D
upvoted 1 times
...
lalee2
1 year, 1 month ago
Selected Answer: D
Answer D
upvoted 1 times
...
pupsik
1 year, 1 month ago
Selected Answer: D
Outbound communication on NACL is blocked.
upvoted 1 times
...
allcertcracker
1 year, 1 month ago
it is D
upvoted 1 times
...
Sumi81
1 year, 1 month ago
I think it's B
upvoted 1 times
...
100fold
1 year, 1 month ago
Selected Answer: D
Answer D
upvoted 1 times
...
aragon_saa
1 year, 2 months ago
https://www.examtopics.com/discussions/amazon/view/16473-exam-aws-certified-security-specialty-topic-2-question-8/
upvoted 2 times
...
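The reasoning in the comments above (an accepted request followed by a rejected reply points at the stateless NACL, not the stateful security group) can be checked mechanically against flow log records. The following is an added example, not part of the original question or any comment; the sample records, account ID and ENI ID are constructed placeholders in the default version 2 flow log format, and the function names are hypothetical.

```python
from collections import namedtuple

# Field order of the default (version 2) VPC flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)
ICMP = "1"  # IANA protocol number for ICMP

def parse(line):
    """Parse one default-format flow log record into a Record."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return Record(*parts)

def diagnose_ping(lines, remote_ip, instance_ip):
    """Classify a failed ping from the request/reply actions logged at the ENI."""
    request = reply = None
    for line in lines:
        r = parse(line)
        if r.protocol != ICMP or r.log_status != "OK":
            continue  # ignore other protocols and NODATA/SKIPDATA records
        if (r.srcaddr, r.dstaddr) == (remote_ip, instance_ip):
            request = r.action
        elif (r.srcaddr, r.dstaddr) == (instance_ip, remote_ip):
            reply = r.action
    if request is None:
        return "no inbound record: traffic never reached the ENI"
    if request == "REJECT":
        return "inbound rejected: check security group and NACL inbound rules"
    if reply == "REJECT":
        # A stateful security group lets the reply to an accepted request out
        # automatically, so a rejected reply can only come from the NACL.
        return "reply rejected: NACL outbound rule is blocking ICMP"
    if reply == "ACCEPT":
        return "both directions accepted: look beyond the VPC"
    return "request accepted, no reply logged: check the instance OS firewall"

# Constructed sample records (not the flow log from the question).
SAMPLE = [
    "2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 "
    "0 0 1 4 336 1432917027 1432917142 ACCEPT OK",
    "2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 "
    "0 0 1 4 336 1432917094 1432917142 REJECT OK",
]

if __name__ == "__main__":
    print(diagnose_ping(SAMPLE, "203.0.113.12", "172.31.16.139"))
```

An inbound REJECT on its own cannot distinguish the security group from the NACL, which is why the function reports both for that case.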