What steps should you take to do this, and how quickly …

You are a solutions architect working for a large oil and gas company. Your company runs their production
environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2
are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All
EC2 instances are in the same security group. Your company has created a new custom application which
connects to mobile devices using a custom port. This application has been rolled out to production and you
need to open this port globally to the internet. What steps should you take to do this, and how quickly will the
change occur?

A. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate
on this port after a reboot.

B. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate
over this port immediately.

C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port
immediately.

D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port
as soon as the relevant Time To Live (TTL) expires.




Fred

I think the answer should be B. Using an ACL will apply the same policies to all the instances, since it mentioned Auto Scaling. Security Groups only apply to an instance.

aniket

I will go for C.

Security groups apply to instances (or rather, to the ENIs attached to them).

Q mentions – All EC2 instances are in the same security group.
Also, the security group is part of the launch config, so all instances will get that immediately.

You can deploy autoscale group 2 in the same subnet; network ACLs will apply to those instances too, although you may not want that.