You want to secure a web server so only your company's office IP range (203.0.113.0/24) can access HTTP (port 80), but allow SSH (port 22) from anywhere for remote admins. Which security group rules should you create?
A. Allow inbound TCP port 80 from 0.0.0.0/0 and inbound TCP port 22 from 203.0.113.0/24
B. Allow inbound TCP port 80 from 203.0.113.0/24 and inbound TCP port 22 from 0.0.0.0/0
C. Allow inbound TCP port 80 and 22 both from 203.0.113.0/24 only
D. Allow inbound TCP port 80 and 22 both from 0.0.0.0/0 only
Step-by-Step Solution
Solution:
Step 1: Match HTTP access to office IP range
HTTP (port 80) should be allowed only from 203.0.113.0/24 to restrict access to office IPs.
Step 2: Allow SSH from anywhere
SSH (port 22) should be open to 0.0.0.0/0 to allow remote admins from any IP.
Final Answer:
Allow inbound TCP port 80 from 203.0.113.0/24 and inbound TCP port 22 from 0.0.0.0/0 -> Option B
Quick Check:
HTTP restricted, SSH open = A [OK]
Quick Trick: Restrict HTTP, open SSH from anywhere [OK]
Common Mistakes:
Reversing IP ranges for ports
Opening HTTP to all IPs
Restricting SSH too much