Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 107 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 107
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A systems engineer is troubleshooting the connectivity of a test environment that includes a virtual security appliance deployed inline. In addition to using the virtual security appliance, the development team wants to use security groups and network ACLs to accomplish various security requirements in the environment.

What configuration is necessary to allow the virtual security appliance to route the traffic?

  • A. Disable network ACLs.
  • B. Configure the security appliance's elastic network interface for promiscuous mode.
  • C. Disable the Network Source/Destination check on the security appliance's elastic network interface.
  • D. Place the security appliance in the public subnet with the internet gateway.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by oioi at Nov. 23, 2023, 10:08 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
vikasj1in
8 months, 3 weeks ago
C, When you deploy a virtual security appliance inline in a subnet, you need to ensure that it can effectively route traffic between different subnets. The "Network Source/Destination check" is a feature in Amazon EC2 that controls whether source/destination checking is enabled or disabled on a network interface. In this context, the virtual security appliance acts as a router, and the "Network Source/Destination check" should be disabled on its elastic network interface. When this check is disabled, the network interface can handle traffic that is not specifically destined for the instance it is attached to, allowing it to route traffic between different subnets.
upvoted 2 times
...
rahav
9 months, 2 weeks ago
Selected Answer: C
C for sure
upvoted 1 times
...
Daniel76
9 months, 3 weeks ago
Selected Answer: C
Source/destination checking You can enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. Source/destination checks are enabled by default. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
upvoted 3 times
...
azure4life
9 months, 3 weeks ago
Selected Answer: C
Option C is the correct solution. To allow a virtual security appliance deployed inline to route traffic between subnets, the Network Source/Destination Check needs to be disabled on its elastic network interface. This enables the appliance to receive traffic that is not specifically addressed to itself. Option A is incorrect because disabling network ACLs is not required for a virtual appliance deployment and would reduce security. Option B mentions promiscuous mode which applies to physical network interfaces, not virtual ones in AWS. Option D places the appliance in the public subnet which may help route internet traffic but does not address routing between private subnets. Disabling the Source/Destination Check is required to enable that routing functionality.
upvoted 4 times
...
Oralinux
10 months ago
Answer: C
upvoted 1 times
...
kejam
10 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
upvoted 3 times
...
[Removed]
10 months, 2 weeks ago
Selected Answer: C
C is correct
upvoted 3 times
...
oioi
10 months, 2 weeks ago
Selected Answer: C
correct
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel