Difficulty: medium · Service behavior · Q4 of 15
AWS - Security Groups and Network ACLs
Consider a Network ACL with these inbound rules:
Rule 100: Allow TCP port 22 from 0.0.0.0/0
Rule 110: Deny all other inbound traffic
What will happen if an SSH connection is attempted from IP 5.6.7.8?
A. The connection will be allowed only if the outbound rule permits it
B. The connection will be denied because the deny rule overrides the allow rule
C. The connection will be allowed because port 22 is explicitly permitted
D. The connection will be denied because Network ACLs are stateful
Step-by-Step Solution
Solution:
  1. Analyze the inbound rules

    Rule 100 explicitly allows inbound TCP traffic on port 22 from any IP.
  2. Understand rule evaluation

    Network ACLs evaluate rules by rule number in ascending order; the first matching rule applies.
  3. Consider the deny-all rule

    Rule 110 denies all other traffic but does not override the earlier allow rule for port 22.
  4. Check whether Network ACLs are stateful

    Network ACLs are stateless, so the outbound rules must also allow the return traffic, but the question focuses on the inbound attempt.
  5. Final Answer:

    The connection will be allowed because port 22 is explicitly permitted -> Option C
  6. Quick Check:

    Allow rules take precedence if matched first [OK]
Quick Trick: First matching rule applies; allow on port 22 permits SSH [OK]
Common Mistakes:
  • Assuming deny rules override earlier allow rules
  • Confusing Network ACLs as stateful
  • Ignoring rule evaluation order
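The first-match evaluation in the solution, with the stateless return-path check from Step 4, as an added example that is not part of the quiz page. The inbound rule set mirrors the question; the outbound rule set and the client's ephemeral port are constructed assumptions.

```python
"""Model of AWS Network ACL rule evaluation (added example, not from the quiz page).

Rules are checked in ascending rule-number order; the first match decides, and the
implicit '*' rule at the end denies anything unmatched. NACLs are stateless, so the
reply to an inbound connection must separately pass the outbound rule set.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int          # rules are evaluated in ascending number order
    protocol: str        # 'tcp', 'udp' or 'all'
    port_range: tuple    # (low, high), inclusive
    cidr: str
    action: str          # 'allow' or 'deny'

    def matches(self, protocol: str, port: int, ip: str) -> bool:
        proto_ok = self.protocol in ("all", protocol)
        port_ok = self.port_range[0] <= port <= self.port_range[1]
        ip_ok = ip_address(ip) in ip_network(self.cidr)
        return proto_ok and port_ok and ip_ok


def evaluate(rules, protocol: str, port: int, ip: str):
    """Return (action, rule_number) of the first matching rule, or ('deny', '*')."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, ip):
            return rule.action, rule.number
    return "deny", "*"   # implicit catch-all deny at the end of every NACL


# The quiz's inbound rule set (constructed to mirror the question).
INBOUND = [
    Rule(100, "tcp", (22, 22), "0.0.0.0/0", "allow"),
    Rule(110, "all", (0, 65535), "0.0.0.0/0", "deny"),
]
# Hypothetical outbound rule set: allows the ephemeral ports clients use for SSH replies.
OUTBOUND = [
    Rule(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),
]


def ssh_session_allowed(inbound, outbound, client_ip: str, client_port: int) -> bool:
    """Stateless check: SYN inbound on 22 AND reply outbound to the client's ephemeral port."""
    in_action, _ = evaluate(inbound, "tcp", 22, client_ip)
    out_action, _ = evaluate(outbound, "tcp", client_port, client_ip)
    return in_action == "allow" and out_action == "allow"


if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", 22, "5.6.7.8"))                   # ('allow', 100)
    print(evaluate(INBOUND, "tcp", 443, "5.6.7.8"))                  # ('deny', 110)
    print(ssh_session_allowed(INBOUND, OUTBOUND, "5.6.7.8", 51515))  # True
    print(ssh_session_allowed(INBOUND, [], "5.6.7.8", 51515))        # False: no outbound allow
```

The last call shows why option A is a tempting distractor: the inbound allow on port 22 decides the question, yet with an empty outbound rule set the SSH handshake would still never complete.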