Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 92 discussion

A company has deployed servers on Amazon EC2 instances in a VPC. External vendors access these servers over the internet. Recently, the company deployed a new application on EC2 instances in a new CIDR range. The company needs to make the application available to the vendors.

A security engineer verified that the associated security groups and network ACLs are allowing the required ports in the inbound direction. However, the vendors cannot connect to the application.

Which solution will provide the vendors access to the application?

  • A. Modify the security group that is associated with the EC2 instances to have the same outbound rules as inbound rules.
  • B. Modify the network ACL that is associated with the CIDR range to allow outbound traffic to ephemeral ports.
  • C. Modify the inbound rules on the internet gateway to allow the required ports.
  • D. Modify the network ACL that is associated with the CIDR range to have the same outbound rules as inbound rules.
Suggested Answer: B

Comments

Davidng88
2 months, 3 weeks ago
Selected Answer: B
Network ACLs are stateless, meaning you need to explicitly allow both inbound and outbound traffic. While the inbound rules might be correctly configured, the outbound rules might be blocking the return traffic. Allowing outbound traffic to ephemeral ports (typically ports 1024-65535) ensures that the response traffic reaches the vendors.
upvoted 1 times
NoCrapEva
9 months, 3 weeks ago
Selected Answer: B
Ephemeral ports are necessary for certain network responses and are dependent on the client type (O/S)... The client that initiates the request chooses the ephemeral port range. The range varies depending on the client's operating system. Many Linux kernels (including the Amazon Linux kernel) use ports 32768-61000. Requests originating from Elastic Load Balancing use ports 1024-65535. Windows operating systems through Windows Server 2003 use ports 1025-5000. Windows Server 2008 and later versions use ports 49152-65535. A NAT gateway uses ports 1024-65535. AWS Lambda functions use ports 1024-65535. For example, if a request comes into a web server in your VPC from a Windows 10 client on the internet, your network ACL must have an outbound rule to enable traffic destined for ports 49152-65535. REF: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-ephemeral-ports
upvoted 1 times
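The two comments above describe the mechanism in words. The following is an added example, not code from this page or from AWS: a small Python simulation of how a stateless NACL evaluates the first two packets of a vendor's TCP connection (the SYN inbound, the instance's SYN-ACK outbound). The addresses, ports and rule tables are constructed to mirror the question, and a stateful security-group check is included for contrast with option A. Rule evaluation follows the documented NACL semantics: ascending rule number, first match wins, implicit deny.

```python
"""Stateless NACL evaluation, simulated.

Constructed example for the discussion above, not AWS code. It evaluates the
first two packets of a TCP handshake (vendor SYN in, instance SYN-ACK out)
against an inbound and an outbound NACL rule table and shows why an outbound
allow for the client's ephemeral ports is required. All addresses, ports and
rule tables are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int     # NACL rules are evaluated in ascending rule-number order
    protocol: str   # "tcp", "udp" or "-1" (all protocols)
    port_from: int  # inclusive destination-port range (ignored for "-1")
    port_to: int
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound
    action: str     # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


def nacl_decision(rules, packet, direction):
    """First matching rule wins; the implicit '*' rule denies anything left."""
    remote = packet.src_ip if direction == "inbound" else packet.dst_ip
    remote_ip = ipaddress.ip_address(remote)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol != "-1":
            if rule.protocol != packet.protocol:
                continue
            if not rule.port_from <= packet.dst_port <= rule.port_to:
                continue
        if remote_ip not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action
    return "deny"


def nacl_flow_allowed(inbound, outbound, client, server, app_port):
    """A connection needs BOTH directions allowed: a NACL keeps no state."""
    client_ip, client_port = client
    syn = Packet(client_ip, client_port, server, app_port)       # vendor -> app
    syn_ack = Packet(server, app_port, client_ip, client_port)   # app -> vendor
    return (nacl_decision(inbound, syn, "inbound") == "allow"
            and nacl_decision(outbound, syn_ack, "outbound") == "allow")


def sg_flow_allowed(inbound_ports, app_port):
    """Security groups are stateful: if the inbound SYN matches an inbound
    allow, the reply is tracked and permitted whatever the outbound rules
    say, which is why option A changes nothing."""
    return any(lo <= app_port <= hi for lo, hi in inbound_ports)


# Constructed scenario mirroring the question.
APP_PORT = 443
SERVER = "10.20.0.10"                    # instance in the new CIDR (constructed)
VENDORS = {
    "windows": ("203.0.113.10", 49152),  # Windows Server 2008+ / Windows 10 range
    "linux": ("198.51.100.20", 32768),   # typical Linux kernel range
}
INBOUND = [Rule(100, "tcp", APP_PORT, APP_PORT, "0.0.0.0/0", "allow")]
# Option D: outbound copied from inbound. The SYN-ACK's destination port is
# the client's ephemeral port, not 443, so it is still dropped.
OUTBOUND_MIRRORED = [Rule(100, "tcp", APP_PORT, APP_PORT, "0.0.0.0/0", "allow")]
# Option B: allow outbound traffic to the ephemeral range.
OUTBOUND_EPHEMERAL = [Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
# Rule order matters: a lower-numbered deny shadows the allow for part of the range.
OUTBOUND_SHADOWED = [Rule(90, "tcp", 49152, 65535, "0.0.0.0/0", "deny"),
                     Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]


def vendor_results(outbound):
    """Map each constructed vendor to whether its connection would succeed."""
    return {name: nacl_flow_allowed(INBOUND, outbound, client, SERVER, APP_PORT)
            for name, client in VENDORS.items()}


if __name__ == "__main__":
    for label, table in [("mirrored outbound (option D)", OUTBOUND_MIRRORED),
                         ("ephemeral allow (option B)", OUTBOUND_EPHEMERAL),
                         ("shadowed by lower-numbered deny", OUTBOUND_SHADOWED)]:
        print(f"{label}: {vendor_results(table)}")
    print("security group, inbound 443 only:", sg_flow_allowed([(443, 443)], APP_PORT))
```

The shadowed table is worth noting in practice: an outbound allow for 1024-65535 does not help if a lower-numbered deny covers part of that range, so check rule ordering as well as presence when a vendor on one operating system can connect and another cannot.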
Jamshif01
10 months, 2 weeks ago
I don't understand why they are called 'ephemeral' ports
upvoted 1 times
rxhan
9 months, 1 week ago
They change and are random.
upvoted 1 times
tayman
11 months, 2 weeks ago
Selected Answer: B
Definitely B.
upvoted 2 times
ykhan321
11 months, 2 weeks ago
Did someone take the test recently? How many questions appeared from here?
upvoted 4 times
Aamee
1 year ago
Selected Answer: B
Agreed with B.
upvoted 1 times
[Removed]
1 year ago
Selected Answer: B
B. You must allow the ephemeral ports in the outbound NACL for the CIDR range.
upvoted 4 times
oioi
1 year ago
Selected Answer: D
correct
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other