Exam AWS-SysOps topic 1 question 474 discussion

Exam question from Amazon's AWS-SysOps
Question #: 474
Topic #: 1

You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: Security groups and network access control lists (ACLs). You start to look into security groups first. Which statement below is incorrect in relation to security groups?

  • A. Are stateful: Return traffic is automatically allowed, regardless of any rules.
  • B. Support addition of individual allow and deny rules in both inbound and outbound.
  • C. Security Groups can be added or removed from EC2 instances in a VPC at any time.
  • D. Evaluate all rules before deciding whether to allow traffic.
Suggested Answer: B
Amazon VPC provides two features that you can use to increase security for your VPC:
Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level, and support allow rules only.
Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level, and support allow rules and deny rules.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
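The allow-only versus allow-and-deny difference described above, as an added example that is not part of the original page or of any AWS code: a simplified Python model of how each control reaches a decision. The `Rule` class, function names and sample addresses are constructed for illustration; the model covers inbound TCP on a single port only and leaves out statefulness.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    cidr: str
    port: int
    action: str = "allow"  # a security group rule can only ever be "allow"
    number: int = 0        # rule number, used by network ACLs only

def matches(rule, src, port):
    return ip_address(src) in ip_network(rule.cidr) and rule.port == port

def sg_allows(rules, src, port):
    """Security group: allow rules only; all rules are considered and any match permits."""
    if any(r.action != "allow" for r in rules):
        raise ValueError("security groups support allow rules only")
    return any(matches(r, src, port) for r in rules)

def nacl_allows(rules, src, port):
    """Network ACL: rules are checked in ascending number order; the first match decides."""
    for r in sorted(rules, key=lambda r: r.number):
        if matches(r, src, port):
            return r.action == "allow"
    return False  # nothing matched: the implicit final deny applies

# Constructed sample policy: HTTPS from 10.0.0.0/16, except host 10.0.5.9.
# The security group cannot express the exception; the network ACL can.
SG_RULES = [Rule("10.0.0.0/16", 443)]
NACL_RULES = [
    Rule("10.0.5.9/32", 443, "deny", number=90),
    Rule("10.0.0.0/16", 443, "allow", number=100),
]

if __name__ == "__main__":
    for src in ("10.0.1.20", "10.0.5.9", "192.0.2.7"):
        print(src, "sg:", sg_allows(SG_RULES, src, 443),
              "nacl:", nacl_allows(NACL_RULES, src, 443))
```

Blocking a single address inside an otherwise permitted range therefore has to be done at the subnet's network ACL, or by narrowing the security group's allowed ranges so they no longer cover that address.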

Comments

chris82
Highly Voted 2 years, 6 months ago
Ah, I missed incorrect ans... B is correct
upvoted 6 times
...
albert_kuo
Most Recent 10 months, 1 week ago
Selected Answer: B
Security groups can specify only Allow rules, but not deny rules
upvoted 1 times
...
TroyMcLure
2 years, 5 months ago
Correct Answer: B https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html#VPC_Security_Comparison "Sec Groups Support allow rules only"
upvoted 1 times
...
Anderson01
2 years, 5 months ago
"incorrect in relation to security groups?" -> B is correct
upvoted 1 times
...
weril
2 years, 6 months ago
This question is a big confusion like the one before... Yeah, the default action for an SG is deny everything, and an EC2 instance has to be associated with an SG and cannot coexist without an SG (if you don't specify an SG then the default SG of the VPC is used).
upvoted 1 times
...
sen12
2 years, 6 months ago
Security Groups cannot Deny Traffic, so the Ans is B
upvoted 2 times
...
chris82
2 years, 6 months ago
Correct ans is A
upvoted 3 times
...