Medium · Debug · Q7 of 15
AWS - Security Groups and Network ACLs
A security group has an inbound rule allowing TCP port 22 from 203.0.113.0/24. A user from IP 203.0.114.5 cannot SSH into the instance. What is the most likely reason?
A. The user's IP is outside the allowed CIDR range
B. Port 22 is blocked by AWS firewall
C. Outbound rules are missing
D. Security groups do not control SSH access
Step-by-Step Solution
  1. Step 1: Check the CIDR range in the inbound rule

    The rule allows source IPs from 203.0.113.0 to 203.0.113.255 only.
  2. Step 2: Compare the user's IP

    The user's IP, 203.0.114.5, is outside the allowed range (its third octet is 114, not 113). No inbound rule matches, so the connection is blocked.
  3. Final Answer:

    The user's IP is outside the allowed CIDR range -> Option A
  4. Quick Check:

    IP outside CIDR = blocked
Quick Trick: The CIDR must include the user's IP to allow access
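Common Mistakes:
  • Assuming AWS blocks port 22 by default
  • Misjudging the impact of outbound rules (security groups are stateful, so replies to an allowed inbound connection are permitted without a matching outbound rule)
  • Thinking security groups don't control SSH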