SCS-C02 · Question #301
SCS-C02 Question #301: Real Exam Question with Answer & Explanation
The correct answer is A: Port 443 coming from 0.0.0.0/0. Since HTTPS traffic is required for all users on the Internet, Port 443 should be open on all IP For port 22, the traffic should be restricted to an internal subnet. Option B is invalid, because this only allow traffic from a particular CIDR block and not from the Option C is inv
Question
A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. The administrator's workstation has a static IP address of 203.0.113.1/32. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below
Options
- APort 443 coming from 0.0.0.0/0
- BPort 443 coming from 10.0.0.0/16
- CPort 22 coming from 0.0.0.0/0
- DPort 22 coming from 203.0.113.1/32
Explanation
Since HTTPS traffic is required for all users on the Internet, Port 443 should be open on all IP For port 22, the traffic should be restricted to an internal subnet. Option B is invalid, because this only allow traffic from a particular CIDR block and not from the Option C is invalid because allowing port 22 from the internet is a security risk https://docs.aws.amazon.com/AWSEC2/latest/ UserGuide/usins-network-secunty.htmll
Community Discussion
No community discussion yet for this question.