Difficulty: hard · Application Q9 of 15
AWS - Security Groups and Network ACLs
An application requires that all inbound traffic be logged and monitored at the subnet level, and only specific instances allow SSH access. How should you configure Security Groups and Network ACLs to meet these requirements?
A. Enable VPC Flow Logs for instances; Network ACL restricts SSH; Security Groups allow all inbound
B. Enable VPC Flow Logs for subnet; Network ACL allows all inbound; Security Groups restrict SSH per instance
C. Disable VPC Flow Logs; Network ACL restricts SSH; Security Groups allow all inbound
D. Enable VPC Flow Logs for subnet; Network ACL restricts SSH; Security Groups allow all inbound
Step-by-Step Solution
Solution:
  1. Enable VPC Flow Logs at the subnet level

     VPC Flow Logs capture traffic metadata for monitoring at the subnet level, which satisfies the logging and monitoring requirement.
  2. Configure the Network ACL to allow all inbound traffic

     A Network ACL applies to every instance in the subnet, so allow all inbound there to avoid blocking traffic before instance-level filtering takes place.
  3. Use Security Groups to restrict SSH access per instance

     Security Groups are attached per instance and provide the fine-grained control needed to allow SSH only on specific instances.
  4. Final Answer:

     Enable VPC Flow Logs for subnet; Network ACL allows all inbound; Security Groups restrict SSH per instance -> Option B
  5. Quick Check:

     Subnet logging + NACL allow + SG restrict = correct setup [OK]
Quick Trick: Log at subnet; allow all in NACL; restrict in Security Groups [OK]
Common Mistakes:
  • Restricting SSH in the NACL blocks it for every instance in the subnet, not only the ones that should deny it
  • Disabling VPC Flow Logs leaves the subnet without the required monitoring
  • Allowing all inbound in Security Groups removes instance-level filtering and reduces security