AWS, cloud, ~20 mins

Security group as virtual firewall in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding Security Group Inbound Rules

You have a security group with the following inbound rule:

Type: SSH
Protocol: TCP
Port Range: 22
Source: 0.0.0.0/0

What does this rule allow?

A. Allows SSH access only from a specific IP address.
B. Blocks all SSH access to instances associated with this security group.
C. Allows SSH access only from within the same security group.
D. Allows SSH access from any IP address to instances associated with this security group.
💡 Hint

Think about what 0.0.0.0/0 means in networking.

Configuration
intermediate
Security Group Outbound Rule Behavior

You create a security group with no outbound rules. What will be the effect on instances using this security group?

A. Instances cannot send any outbound traffic.
B. Instances can send outbound traffic to any destination.
C. Instances can send outbound traffic only to the same security group.
D. Instances can send outbound traffic only on port 80.
💡 Hint

Remember the default behavior of outbound rules in AWS security groups.

Architecture
advanced
Designing a Security Group for a Web Server

You want to create a security group for a web server that:

  • Allows HTTP traffic from anywhere
  • Allows SSH only from a specific office IP 203.0.113.5
  • Blocks all other traffic

Which inbound rule set correctly implements this?

A. Allow TCP port 80 from 203.0.113.5/32 and Allow TCP port 22 from 0.0.0.0/0
B. Allow TCP port 22 from 0.0.0.0/0 only
C. Allow TCP port 80 from 0.0.0.0/0 and Allow TCP port 22 from 203.0.113.5/32
D. Allow TCP port 80 from 0.0.0.0/0 only
💡 Hint

Think about which ports and sources are allowed for HTTP and SSH.

Security
advanced
Security Group Rule Priority and Conflicts

You have two inbound rules in a security group:

  • Allow TCP port 443 from 192.168.1.0/24
  • Deny TCP port 443 from 192.168.1.50/32

What will happen when a request comes from 192.168.1.50 on port 443?

A. The request is allowed because security groups do not support deny rules.
B. The request is denied because deny rules override allow rules.
C. The request is allowed only if it matches the first rule.
D. The request is denied because the more specific rule applies.
💡 Hint

Consider how AWS security groups handle deny rules.

Service behavior
expert
Effect of Security Group Changes on Running Instances

You modify the inbound rules of a security group attached to running instances by removing a rule that allowed port 3306 (MySQL) from a specific IP range.

What happens immediately after this change?

A. The instances immediately block new inbound MySQL connections from that IP range.
B. Existing MySQL connections from that IP range remain active, but new connections are blocked.
C. The instances must be restarted for the rule change to take effect.
D. The rule change has no effect until the security group is detached and reattached.
💡 Hint

Think about how security groups apply changes to network traffic.