Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 92 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 92
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has deployed servers on Amazon EC2 instances in a VPC. External vendors access these servers over the internet. Recently, the company deployed a new application on EC2 instances in a new CIDR range. The company needs to make the application available to the vendors.

A security engineer verified that the associated security groups and network ACLs are allowing the required ports in the inbound direction. However, the vendors cannot connect to the application.

Which solution will provide the vendors access to the application?

  • A. Modify the security group that is associated with the EC2 instances to have the same outbound rules as inbound rules.
  • B. Modify the network ACL that is associated with the CIDR range to allow outbound traffic to ephemeral ports.
  • C. Modify the inbound rules on the internet gateway to allow the required ports.
  • D. Modify the network ACL that is associated with the CIDR range to have the same outbound rules as inbound rules.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by oioi at Nov. 23, 2023, 9:39 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Davidng88
3 weeks, 6 days ago
Selected Answer: B
Network ACLs are stateless, meaning you need to explicitly allow both inbound and outbound traffic. While the inbound rules might be correctly configured, the outbound rules might be blocking the return traffic. Allowing outbound traffic to ephemeral ports (typically ports 1024-65535) ensures that the response traffic to the vendors.
upvoted 1 times
...
NoCrapEva
7 months, 3 weeks ago
Selected Answer: B
Ephemeral ports are necessary for certain network responses and are dependant on the client type (O/S)... The client that initiates the request chooses the ephemeral port range. The range varies depending on the client's operating system. Many Linux kernels (including the Amazon Linux kernel) use ports 32768-61000. Requests originating from Elastic Load Balancing use ports 1024-65535. Windows operating systems through Windows Server 2003 use ports 1025-5000. Windows Server 2008 and later versions use ports 49152-65535. A NAT gateway uses ports 1024-65535. AWS Lambda functions use ports 1024-65535. For example, if a request comes into a web server in your VPC from a Windows 10 client on the internet, your network ACL must have an outbound rule to enable traffic destined for ports 49152-65535. REF: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-ephemeral-ports
upvoted 1 times
...
Jamshif01
8 months, 2 weeks ago
I don't understand why they are called 'ephmeral' ports
upvoted 1 times
rxhan
7 months, 1 week ago
They change and are random.
upvoted 1 times
...
...
tayman
9 months, 2 weeks ago
Selected Answer: B
Definitely B.
upvoted 2 times
...
ykhan321
9 months, 2 weeks ago
Did someone take the test recently? How many questons appeared from here?
upvoted 3 times
...
Aamee
10 months, 2 weeks ago
Selected Answer: B
Agreed with B.
upvoted 1 times
...
[Removed]
10 months, 2 weeks ago
Selected Answer: B
B. You must allow the ephemeral ports in the outbound NACL for the CIDR range.
upvoted 4 times
...
oioi
10 months, 2 weeks ago
Selected Answer: D
correct
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel