
300-540 Question #47: Real Exam Question with Answer & Explanation

The correct answer is B. Security group.

Question

An engineer must create a new VPC and deploy several Amazon EC2 instances in AWS. Only SSH connections originating from IP address 20.20.20.20 must be allowed to reach the EC2 instances. What must be configured?

Options

  • A. Access control list
  • B. Security group
  • C. Web application firewall
  • D. Resource group

Explanation

AWS Security Groups act as the primary stateful firewalls for EC2 instances. To restrict SSH (TCP/22) to a single host (20.20.20.20/32), a Security Group must be configured with:

  • Inbound rule: TCP 22
  • Source: 20.20.20.20/32

ACLs operate at the subnet level but are not used for instance-specific SSH restrictions. WAF controls HTTP/HTTPS traffic, not SSH. Resource groups only organize cloud assets.
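One way to verify that a deployed security group actually meets the requirement, as an added example that is not part of the original page: the check below flags any inbound rule other than TCP/22 from 20.20.20.20/32. The function name `audit_ingress`, the group IDs and the sample rules are constructed for illustration; the dictionaries follow the shape of `aws ec2 describe-security-groups` output.

```python
ALLOWED_SOURCE = "20.20.20.20/32"   # the single host named in the question
SSH_PORT = 22

def audit_ingress(group):
    """Return findings for ingress that admits anything other than
    TCP/22 from ALLOWED_SOURCE. Security groups are allow-only, so an
    empty result means exactly the required rule is in place."""
    findings, ssh_allowed = [], False
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        ssh_only = proto == "tcp" and lo == SSH_PORT and hi == SSH_PORT
        label = "all traffic" if proto == "-1" else f"{proto}/{lo}-{hi}"
        for r in perm.get("IpRanges", []):
            if ssh_only and r["CidrIp"] == ALLOWED_SOURCE:
                ssh_allowed = True
            else:
                findings.append(f"{label} from {r['CidrIp']}")
        # IPv6 ranges, referenced groups and prefix lists are never the allowed host.
        for key, field in (("Ipv6Ranges", "CidrIpv6"),
                           ("UserIdGroupPairs", "GroupId"),
                           ("PrefixListIds", "PrefixListId")):
            for r in perm.get(key, []):
                findings.append(f"{label} from {r[field]}")
    if not ssh_allowed:
        findings.append(f"no tcp/22 rule for {ALLOWED_SOURCE}")
    return findings

# Constructed sample data (not real groups).
GOOD = {"GroupId": "sg-example-good", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "20.20.20.20/32"}]}]}
BAD = {"GroupId": "sg-example-bad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "20.20.20.20/32"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "20.20.20.20/32"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}

if __name__ == "__main__":
    for g in (GOOD, BAD):
        print(g["GroupId"], audit_ingress(g) or "OK")
```

The second rule in the constructed `BAD` group shows why matching on the source address alone is not enough: a port range wider than 22-22 from the permitted host still admits non-SSH traffic.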
