
Why security groups matter in AWS - Challenge Your Understanding

Challenge - 5 Problems
🧠 Conceptual
intermediate
What is the main purpose of a security group in AWS?

Imagine your house has a fence with a gate that only lets in people you trust. What does a security group do in AWS?

A. It stores your data securely in the cloud.
B. It automatically backs up your cloud resources every hour.
C. It controls which traffic is allowed to reach your cloud resources by acting like a virtual firewall.
D. It manages the billing and cost reports for your AWS account.
💡 Hint

Think about how you protect your house from strangers.

Service Behavior
intermediate
What happens if you do not assign any inbound rules to a security group attached to an EC2 instance?

You launch a new EC2 instance and attach a security group with no inbound rules. What will happen when you try to connect to it?

A. You will not be able to connect because no inbound traffic is allowed.
B. You will be able to connect because AWS allows all inbound traffic by default.
C. The instance will automatically create inbound rules to allow connections.
D. The instance will reject all outbound traffic but allow inbound connections.
💡 Hint

Think about what happens if your fence has no gate.

Architecture
advanced
Which security group configuration best protects a web server accessible only on HTTP and SSH from a specific IP?

You have a web server that should accept HTTP traffic from anyone and SSH only from your office IP 203.0.113.5. Which security group rules achieve this?

A. Inbound rules: Allow TCP port 80 and 22 from 203.0.113.5/32
B. Inbound rules: Allow TCP port 80 from 203.0.113.5/32; Allow TCP port 22 from 0.0.0.0/0
C. Inbound rules: Allow TCP port 80 and 22 from 0.0.0.0/0
D. Inbound rules: Allow TCP port 80 from 0.0.0.0/0; Allow TCP port 22 from 203.0.113.5/32
💡 Hint

HTTP should be open to all, SSH only to your office IP.

Security
advanced
What is the effect of adding an outbound rule that denies all traffic in a security group?

You add an outbound rule to a security group that denies all traffic. What will happen to the instances using this security group?

A. Instances will be completely isolated, no inbound or outbound traffic allowed.
B. The deny rule will be ignored because security groups only allow rules, not deny rules.
C. Instances will be blocked from receiving inbound traffic but can send outbound traffic.
D. Instances will not be able to send any outbound traffic, but inbound traffic is unaffected.
💡 Hint

Remember how security groups handle rules: allow or deny?

Best Practice
expert
Why is it recommended to use separate security groups for different application tiers (e.g., web, app, database)?

Consider a multi-tier application with web, application, and database layers. Why should you assign different security groups to each layer?

A. To control traffic flow precisely between layers and limit exposure if one layer is compromised.
B. To reduce AWS costs by minimizing the number of security groups used.
C. To allow all traffic between layers without restrictions for easier management.
D. To enable automatic scaling of security groups with the number of instances.
💡 Hint

Think about how fences between rooms help contain problems.