Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 253 discussion

A security engineer has been asked to troubleshoot inbound connectivity to a web server. This single web server is not receiving inbound connections from the internet, whereas all other web servers are functioning properly.

The architecture includes network ACLs, security groups, and a virtual security appliance. In addition, the development team has implemented Application Load Balancers (ALBs) to distribute the load across all web servers. It is a requirement that traffic between the web servers and the internet flow through the virtual security appliance.

The security engineer has verified the following:

1. The rule set in the security groups is correct.
2. The rule set in the network ACLs is correct.
3. The rule set in the virtual appliance is correct.

Which of the following are other valid items to troubleshoot in this scenario? (Choose two.)

  • A. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to a NAT gateway.
  • B. Verify which security group is applied to the particular web server’s elastic network interface (ENI).
  • C. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance.
  • D. Verify the registered targets in the ALB.
  • E. Verify that the 0.0.0.0/0 route in the public subnet points to a NAT gateway.
Suggested Answer: BD
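
The checks named in options B and D, plus a look at where the 0.0.0.0/0 route points (the subject of options A, C and E), can be run for one instance as in the added example below, which is not part of the original question or its answers. The data is constructed in the shape of AWS CLI JSON output; every ID, the expected group `sg-web` and the function names are assumptions made for illustration.

```python
# Constructed data shaped like the JSON output of:
#   aws ec2 describe-network-interfaces
#   aws elbv2 describe-target-health --target-group-arn <arn>
#   aws ec2 describe-route-tables
# All IDs below are made up for this example.
ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "Attachment": {"InstanceId": "i-web1"},
     "Groups": [{"GroupId": "sg-web"}]},
    {"NetworkInterfaceId": "eni-0bbb", "Attachment": {"InstanceId": "i-web2"},
     "Groups": [{"GroupId": "sg-default"}]},  # correct rules exist, wrong group attached
]}
TARGETS = {"TargetHealthDescriptions": [
    {"Target": {"Id": "i-web1", "Port": 80}, "TargetHealth": {"State": "healthy"}},
]}  # i-web2 was never registered with the target group
ROUTES = {"RouteTables": [{"RouteTableId": "rtb-web", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-0fw"},
]}]}

def attached_groups(enis, instance_id):
    """Option B: security groups actually attached to the instance's ENIs."""
    return sorted({g["GroupId"] for ni in enis["NetworkInterfaces"]
                   if ni.get("Attachment", {}).get("InstanceId") == instance_id
                   for g in ni.get("Groups", [])})

def target_state(targets, instance_id):
    """Option D: health state of the instance in the target group, or None."""
    for d in targets["TargetHealthDescriptions"]:
        if d["Target"]["Id"] == instance_id:
            return d["TargetHealth"]["State"]
    return None

def default_route_target(routes):
    """Options A/C/E: what the 0.0.0.0/0 route points at, as (key, value)."""
    keys = ("NetworkInterfaceId", "NatGatewayId", "GatewayId", "InstanceId")
    for rt in routes["RouteTables"]:
        for r in rt["Routes"]:
            if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                return next(((k, r[k]) for k in keys if k in r), None)
    return None

def findings(instance_id, expected_sg):
    """Collect per-instance problems; an empty list means both checks pass."""
    out = []
    groups = attached_groups(ENIS, instance_id)
    if expected_sg not in groups:
        out.append(f"ENI security groups are {groups}, expected {expected_sg}")
    state = target_state(TARGETS, instance_id)
    if state != "healthy":
        out.append(f"ALB target state is {state or 'not registered'}")
    return out
```
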

Comments

nznzwell
1 week ago
Selected Answer: BD
The answer should be B and D. C is not correct: the route in the routing table should point to the LB as the architecture should be like this: Internet -> Firewall -> Load Balancer -> EC2 Instances. Otherwise, how can the LB distribute traffic to EC2 nodes when the network appliance sits in between?
upvoted 1 times
IPLogic
2 months ago
Selected Answer: CD
The most likely causes for the inbound connectivity issue to the web server are related to routing and security group configurations. Here are the two most valid items to troubleshoot:

C. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance. This ensures that traffic destined for the web server is routed correctly through the security appliance.

D. Verify the registered targets in the ALB. If the web server is not registered as a target in the ALB, it will not receive any traffic from the internet.
upvoted 1 times
IPLogic
2 months ago
A and E: These options are related to outbound traffic, not inbound traffic.

B: While it's important to verify the security group associated with the ENI, it's less likely to be the root cause if other web servers are working correctly.

By focusing on the routing and load balancer configuration, the security engineer can effectively troubleshoot and resolve the inbound connectivity issue.
upvoted 1 times
HappyG
2 months, 1 week ago
Selected Answer: CD
C. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance. Since the architecture specifies that traffic between the web servers and the internet must flow through a virtual security appliance, the route table for the web server subnet should direct traffic to this appliance. If the route is incorrect or missing, traffic will not be properly forwarded to the appliance and will be blocked, causing the web server to be unreachable.

D. Verify the registered targets in the ALB. Even though the security groups, network ACLs, and virtual appliance configurations are correct, it's important to verify that the Application Load Balancer (ALB) correctly registers the target web server. If the target (your web server) is not registered or is in an unhealthy state, the ALB will not forward traffic to it, causing the web server to not receive incoming connections.
upvoted 2 times
jdx000
2 months, 1 week ago
Selected Answer: BD
B and D
upvoted 4 times