
A security group rule is set to allow TCP traffic on port 22 from source 192.168.1.0/24, but SSH access is still denied. What is a likely cause?

medium📝 Debug Q6 of 15
AWS - Security Groups and Network ACLs
A. The security group rule uses UDP instead of TCP
B. The security group allows all traffic
C. The source IP is outside 192.168.1.0/24
D. The instance's network ACL blocks the traffic
Step-by-Step Solution
Solution:
  1. Step 1: Check security group rule correctness

    Rule allows TCP port 22 from 192.168.1.0/24, which is correct for SSH.
  2. Step 2: Consider other network controls

    Network ACLs can block traffic even if the security group allows it.
  3. Final Answer:

    The instance's network ACL blocks the traffic -> Option D
  4. Quick Check:

    Network ACL can override security group = A [OK]
Quick Trick: Network ACLs can block traffic despite security group rules [OK]
Common Mistakes:
  • Ignoring network ACLs
  • Assuming security group alone controls access
