The new rules apply:

You have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to
allow inbound traffic on a new port and protocol, and launch several new instances in the same Security
Group. The new rules apply:

A. Immediately to all instances in the security group.

B. Immediately to the new instances only.

C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply.

D. To all instances, but it may take several minutes for old instances to see the changes.





networkmanagers


Correct answer is A

Oliyavan


A is the Correct one

Bob


To throw in some doubt towards D:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules
“You can add and remove rules at any time. Your changes are automatically applied to the instances associated with the security group after a short period.”

So what’s “a short period”…

RPM


Good catch Bob, appreciate your precise observation. However, I did try this option and found there is no lag between instances. So, in my view – the word – “Short period” is applicable to both New and OLD from the question's standpoint. Hence, the correct answer should be “A”

Ganesh Ghube


A.
Immediately to all instances in the security group.

RP


We have for sure observed that the changes will take effect without any lag.
We do not have any document that explains the circumstances under which there can be a lag, and we are not sure if we can test all the scenarios.

Just because we are experiencing better does not assure that we will get same result in all scenarios.

If I consider the assurance/SLA from AWS rather than my personal experience… The document is very clearly stating “You can add and remove rules at any time. Your changes are automatically applied to the instances associated with the security group after a short period.”

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules

Another article is suggesting to use Network ACLs to ensure that traffic is immediately interrupted when you remove a security group rule,
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-connection-tracking

Finding “D” to be the more logical answer based on documents from AWS.

Thoughts?

zhouyl


A period of time doesn’t equal several minutes. A may be more suitable as the right answer