SCS-C03 Question #126: Real Exam Question with Answer & Explanation
Question
A company operates an Amazon EC2 instance that is registered as a target of a Network Load Balancer (NLB). The NLB is associated with a security group. The security group allows inbound TCP traffic on port 22 from 10.0.0.0/23. The company maps the NLB to two subnets that share the same network ACL and route table. The route table has a route for 0.0.0.0/0 to an internet gateway. The network ACL has one inbound rule that has a priority of 20 and that allows TCP traffic on port 22 from 10.0.0.0/16. A security engineer receives an alert that there is an unauthorized SSH session on the EC2 instance. The unauthorized session originates from 10.0.1.5. The company's incident response procedure requires unauthorized SSH sessions to be immediately interrupted. The instance must remain running, and its memory must remain intact. Which solution will meet these requirements?
Options
- A. Restart the EC2 instance from either the AWS Management Console or the AWS CLI.
- B. Add a new inbound rule that has a priority of 10 to the network ACL to deny TCP traffic on port 22
- C. Remove the security group rule that allows inbound TCP traffic on port 22 from 10.0.0.0/16.
- D. Update the route table to remove the route to the internet gateway.