SCS-C02 · Question #240
SCS-C02 Question #240: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #240. The question stem and answer options stay visible for context.
Question
A security engineer for a large company is managing a data processing application used by 1.500 subsidiary companies. The parent and subsidiary companies all use AWS. The application uses TCP port 443 and runs on Amazon EC2 behind a Network Load Balancer (NLB). For compliance reasons, the application should only be accessible to the subsidianes and should not be available on the public internet. To meet the compliance requirements for restricted access, the engineer has received the public and private CIDR block ranges for each subsidiary. What solution should the engineer use to implement the appropriate access restrictions for the application?
Options
- ACreate a NACL to allow access on TCP port 443 (rom the 1.500 subsidiary CIDR block ranges
- BCreate an AWS security group to allow access on TCP port 443 from the 1,500 subsidiary CIDR
- CCreate an AWS PrivateLink endpoint service in the parent company account attached to the NLB.
- DCreate an AWS security group to allow access on TCP port 443 from the 1.500 subsidiary CIDR
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.