SCS-C02 Question #327: Real Exam Question with Answer & Explanation
The correct answer is C: Change the Inbound NACL to deny access from the suspected IP.
Question
A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The IT Security department suspects that a DDoS attack is coming from a particular IP. How can you protect the subnets from this attack?
Options
- A. Change the Inbound Security Groups to deny access from the suspected IP
- B. Change the Outbound Security Groups to deny access from the suspected IP
- C. Change the Inbound NACL to deny access from the suspected IP
- D. Change the Outbound NACL to deny access from the suspected IP
Explanation
Options A and B are invalid because Security Groups already block traffic by default. You can use NACLs as an additional security layer for the subnet to deny traffic. Option D is invalid because changing only the Inbound Rules is sufficient.