You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC.
Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to
the host. Which option will meet the customer requirement?
A.
Security Group Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/32
B.
Security Group Inbound Rule: Protocol – UDP, Port Range – 22, Source 72.34.51.100/32
C.
Network ACL Inbound Rule: Protocol – UDP, Port Range – 22, Source 72.34.51.100/32
D.
Network ACL Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/0
A – correct
B – (UDP isn't correct)
C – (UDP isn't correct)
D – bad IP mask
A
I agree with the answer. A
Has anyone taken this exam recently?
I hear that these questions are all from the real exam. I am planning to take it pretty soon. I hope I will have some questions from here. Exam is really tough!
Do you have any questions? I am planning to take the exam.
Hi
Does anyone know recent questions for this exam?
A
Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your Linux instance from your IP address using SSH.
To add a rule to a security group for inbound SSH traffic using the console:
1. In the navigation pane of the Amazon EC2 console, choose Instances. Select your instance and look at the Description tab; Security groups lists the security groups that are associated with the instance. Choose view rules to display a list of the rules that are in effect for the instance.
2. In the navigation pane, choose Security Groups. Select one of the security groups associated with your instance.
3. In the details pane, on the Inbound tab, choose Edit. In the dialog, choose Add Rule, and then choose SSH from the Type list.
4. In the Source field, specify the public IP address of your computer, in CIDR notation. For example, if your IP address is 203.0.113.25, specify 203.0.113.25/32 to list this single IP address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.
   For information about finding your IP address, see Before You Start.
5. Choose Save.
ACLs won't work since they are stateless. You will need an outbound rule too. It's a one-answer question and it can only be with SG.
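Added example, not part of the thread: a small audit check that decides whether a security group's inbound rules limit SSH to the corporate address from the question. It assumes the rules are supplied in the IpPermissions shape returned by EC2 DescribeSecurityGroups; the function names and the three sample rule sets are constructed for illustration (the /0 case models only the source mask from option D, applied to a security group rule).

```python
import ipaddress

ALLOWED = ipaddress.ip_network("72.34.51.100/32")  # corporate IP from the question

def ssh_exposure(ip_permissions, allowed=ALLOWED):
    """Return (cidr, verdict) for every IPv4 source on a rule that covers TCP/22."""
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "6", "-1"):
            continue  # SSH runs over TCP, so a UDP/22 rule never admits it
        if proto != "-1":  # "-1" means all protocols and carries no port range
            if not (perm["FromPort"] <= 22 <= perm["ToPort"]):
                continue
        for rng in perm.get("IpRanges", []):
            # strict=False normalises host bits, so 72.34.51.100/0 becomes 0.0.0.0/0
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            verdict = "ok" if net.subnet_of(allowed) else "outside-allowlist"
            findings.append((str(net), verdict))
    return findings

def grants_required_access(ip_permissions, allowed=ALLOWED):
    """True only if SSH is reachable, and only from inside `allowed`."""
    findings = ssh_exposure(ip_permissions, allowed)
    return bool(findings) and all(v == "ok" for _, v in findings)

def rule(proto, cidr):
    """Build one constructed port-22 inbound rule in IpPermissions shape."""
    return [{"IpProtocol": proto, "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": cidr}]}]

# Constructed sample rule sets mirroring the options discussed above.
OPTION_A = rule("tcp", "72.34.51.100/32")
OPTION_B = rule("udp", "72.34.51.100/32")
SLASH_ZERO = rule("tcp", "72.34.51.100/0")

if __name__ == "__main__":
    for name, perms in [("A", OPTION_A), ("B", OPTION_B), ("/0", SLASH_ZERO)]:
        print(name, ssh_exposure(perms), grants_required_access(perms))
```

The same function can be pointed at the IpPermissions list of a real security group description to flag SSH sources outside the expected range.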