You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC.
Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to
the host. Which option will meet the customer requirement?
A. Security Group Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/32
B. Security Group Inbound Rule: Protocol – UDP, Port Range – 22, Source 72.34.51.100/32
C. Network ACL Inbound Rule: Protocol – UDP, Port Range – 22, Source 72.34.51.100/32
D. Network ACL Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/0
A Security Group
SSH isn’t UDP, so that narrows it down to only 2.
D has a bad mask of /0, must be A
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html#VPC_Security_Comparison
Security Groups operate at Instance Level, Network ACL operates at the Subnet level
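The elimination argued in the comments above can be checked mechanically. This is an added example, not part of the original question or its comments: it transcribes the four options as data (the `OPTIONS` dictionary and the function names are constructed for illustration) and tests each rule's protocol and source CIDR against the requirement.

```python
import ipaddress

CORPORATE_IP = ipaddress.ip_address("72.34.51.100")  # address given in the question
SSH_PORT = 22

# The four answer options, transcribed as data (constructed representation).
OPTIONS = {
    "A": {"layer": "security group", "protocol": "tcp", "port": 22, "source": "72.34.51.100/32"},
    "B": {"layer": "security group", "protocol": "udp", "port": 22, "source": "72.34.51.100/32"},
    "C": {"layer": "network ACL", "protocol": "udp", "port": 22, "source": "72.34.51.100/32"},
    "D": {"layer": "network ACL", "protocol": "tcp", "port": 22, "source": "72.34.51.100/0"},
}


def evaluate(rule):
    """Return the list of problems with a rule; an empty list means it meets the requirement."""
    problems = []
    if rule["protocol"] != "tcp":
        problems.append("SSH runs over TCP, so this rule never admits it")
    if rule["port"] != SSH_PORT:
        problems.append("rule does not cover port 22")
    # A prefix length of /0 ignores every address bit, so 72.34.51.100/0
    # is the same network as 0.0.0.0/0. strict=False applies that masking.
    net = ipaddress.ip_network(rule["source"], strict=False)
    if CORPORATE_IP not in net:
        problems.append("corporate IP is not inside the source range")
    elif net.num_addresses != 1:
        problems.append(
            f"source {net} admits {net.num_addresses} addresses, not only the corporate IP"
        )
    return problems


def meeting_options():
    """Letters of the options that satisfy the requirement."""
    return [letter for letter, rule in OPTIONS.items() if not evaluate(rule)]


if __name__ == "__main__":
    for letter, rule in OPTIONS.items():
        verdict = evaluate(rule) or ["meets the requirement"]
        print(f"{letter} ({rule['layer']}): {'; '.join(verdict)}")
```
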