Stateful behavior of security groups in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
Conceptual (intermediate)
How does a security group handle return traffic?
You have an EC2 instance with a security group allowing inbound TCP traffic on port 80. What happens to the response traffic from the instance back to the client?
A. Response traffic is allowed only if the inbound rule is set to allow all protocols.
B. You must create an outbound rule to allow response traffic on port 80.
C. Response traffic is blocked unless you add a rule for ephemeral ports.
D. The security group automatically allows the response traffic without an explicit outbound rule.
💡 Hint
Think about how stateful firewalls track connections.
Service behavior (intermediate)
Outbound traffic behavior with no outbound rules
An EC2 instance has a security group with no outbound rules defined. What is the behavior of outbound traffic from this instance?
A. Outbound traffic is allowed only if inbound rules permit it.
B. Outbound traffic is allowed only on port 22.
C. All outbound traffic is blocked because no outbound rules exist.
D. All outbound traffic is allowed by default.
💡 Hint
Consider the default behavior of security groups regarding outbound rules.
Architecture (advanced)
Designing a security group for a web server with database access
You have a web server in a public subnet and a database server in a private subnet. The web server needs to accept HTTP traffic from the internet and connect to the database on port 3306. Which security group configuration correctly supports this while following best practices?
A. Web server SG allows inbound HTTP from 0.0.0.0/0 and outbound MySQL to database SG; Database SG allows inbound MySQL from web server SG.
B. Web server SG allows inbound HTTP from database SG and outbound MySQL to 0.0.0.0/0; Database SG allows inbound MySQL from 0.0.0.0/0.
C. Web server SG allows inbound HTTP from 0.0.0.0/0 and inbound MySQL from database SG; Database SG allows inbound MySQL from web server SG.
D. Web server SG allows inbound HTTP from 0.0.0.0/0 and outbound MySQL to 0.0.0.0/0; Database SG allows inbound MySQL from web server SG.
💡 Hint
Think about restricting access to only necessary sources and destinations.
Security (advanced)
Impact of removing inbound rules on existing connections
An EC2 instance has an active SSH session established through a security group rule allowing inbound TCP port 22. If you remove the inbound rule while the session is active, what happens to the SSH connection?
A. The SSH session immediately drops as the inbound rule is removed.
B. The SSH session remains active until closed by the client or server.
C. The SSH session remains active but no new inbound SSH connections are allowed.
D. The SSH session is paused until the inbound rule is added back.
💡 Hint
Consider how stateful security groups track existing connections.
Best Practice (expert)
Minimizing attack surface using security groups in a multi-tier application
You manage a multi-tier application with web, application, and database layers in separate subnets. To minimize the attack surface, which security group strategy is best?
A. Allow inbound traffic only from the previous tier's security group and restrict all other inbound traffic.
B. Allow inbound traffic from all subnets in the VPC to simplify connectivity.
C. Allow inbound traffic from the internet to all tiers for flexibility.
D. Allow inbound traffic only on port 22 from the internet to all tiers for management.
💡 Hint
Think about limiting access strictly between tiers.