A Network ACL rule denies all inbound traffic from 192.168.1.0/24 but you still receive traffic from 192.168.1.5. What could be the problem?

Medium · Debug · Q7 of 15
AWS - Security Groups and Network ACLs
A. The rule is set for outbound traffic instead of inbound.
B. The subnet mask in the CIDR block is incorrect.
C. Network ACLs do not block traffic from private IP ranges.
D. The deny rule has a higher rule number than an allow rule for that IP.
Step-by-Step Solution
  1. Step 1: Verify rule direction

    Denying inbound traffic requires the rule to be set with '--ingress'.
  2. Step 2: Impact of wrong direction

    If the rule is set for outbound traffic, inbound traffic is unaffected and still allowed.
  3. Final Answer:

    The rule is set for outbound traffic instead of inbound. -> Option A
  4. Quick Check:

    Denying inbound traffic needs an '--ingress' rule.
Quick Trick: Direction matters: inbound = ingress, outbound = egress.
Common Mistakes:
  • Confusing CIDR mask correctness
  • Assuming private IPs bypass ACLs
  • Ignoring rule direction
