Which configuration below will satisfy this requirement?
A Solutions Architect needs to make sure that the On-Demand EC2 instance can only be accessed from this IP address (110.238.98.71) via an SSH connection .
Which configuration below will satisfy this requirement?
A . Security Group Inbound Rule: Protocol C UDP, Port Range C 22, Source 110.238.98.71/32
B . Security Group Inbound Rule: Protocol C UDP, Port Range C 22, Source 110.238.98.71/0
C . Security Group Inbound Rule: Protocol C TC
D . Port Range C 22, Source 110.238.98.71/32
E . Security Group Inbound Rule: Protocol C TC
F . Port Range C 22, Source 110.238.98.71/0
Answer: C
Explanation:
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC
can be assigned to a different set of security groups.
The requirement is to only allow the individual IP of the client and not the entire network. Therefore, the proper CIDR notation should be used. The /32 denotes one IP address and the /0 refers to the entire network. Take note that the SSH protocol uses TCP and port 22.
Hence, the correct answer is: Protocol C TCP, Port Range C 22, Source 110.238.98.71/32
Protocol C UDP, Port Range C 22, Source 110.238.98.71/32 and Protocol C UDP, Port Range C 22, Source 110.238.98.71/0 are incorrect as they are using UDP.
Protocol C TCP, Port Range C 22, Source 110.238.98.71/0 is incorrect because it uses a /0 CIDR notation.
Protocol C TCP, Port Range C 22, Source 110.238.98.71/0 is incorrect because it allows the entire
network instead of a single IP.
Explanation:
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rul
es
Tutorials Dojo’s AWS Certified Solutions Architect Associate Exam Study Guide:
https://tutorialsdojo.com/aws-certified-solutions-architect-associate/
Latest SAA-C03 Dumps Valid Version with 400 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund