A cloud security analyst needs to ensure the web servers in the public subnet allow only secure communications and must remediate any possible issue.
The stateful configuration for the public web servers is as follows:
Which of the following actions should the analyst take to accomplish the objective?
A. Remove rules 1, 2, and 5.
B. Remove rules 1, 3, and 4.
C. Remove rules 2, 3, and 4.
D. Remove rules 3, 4, and 5.
Answer: A
Explanation:
To ensure the web servers in the public subnet allow only secure communications and to remediate any possible issue, the analyst should remove rules 1, 2, and 5 from the stateful configuration. These rules allow insecure or unnecessary traffic to or from the web servers, which may pose security risks or performance issues.
The rules are:
- Rule 1: This rule allows inbound traffic on port 80 (HTTP) from any source to any destination. HTTP is an unencrypted and insecure protocol that can expose web traffic to interception, modification, or spoofing. The analyst should remove this rule and use HTTPS (port 443) instead, which encrypts and secures web traffic.
- Rule 2: This rule allows outbound traffic on port 25 (SMTP) from any source to any destination. SMTP is a protocol that is used to send email messages. The web servers in the public subnet do not need to send email messages, as this is not their function. The analyst should remove this rule and block outbound SMTP traffic, which may prevent spamming or phishing attacks from compromised web servers.
- Rule 5: This rule allows inbound traffic on port 22 (SSH) from any source to any destination. SSH is a protocol that allows remote access and management of systems or devices using a command-line interface. The web servers in the public subnet do not need to allow SSH access from any source, as this may expose them to unauthorized or malicious access. The analyst should remove this rule and restrict SSH access to specific sources, such as the administrator’s workstation or a bastion host.
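The reasoning above can be applied mechanically as a rule audit. The following is an added example, not part of the original question: the rule set is constructed, with rules 1, 2 and 5 following the explanation and rules 3 and 4 assumed to be HTTPS rules, and the field names (`dir`, `ports`, `cidr`) are hypothetical. It goes slightly beyond the explanation by handling port ranges and IPv6 "any" sources.

```python
from ipaddress import ip_network

# Constructed sample rule set (not the page's table). Rules 1, 2 and 5 follow
# the explanation; rules 3 and 4 are assumed HTTPS rules for illustration.
RULES = [
    {"id": 1, "dir": "in",  "ports": (80, 80),   "cidr": "0.0.0.0/0"},
    {"id": 2, "dir": "out", "ports": (25, 25),   "cidr": "0.0.0.0/0"},
    {"id": 3, "dir": "in",  "ports": (443, 443), "cidr": "0.0.0.0/0"},
    {"id": 4, "dir": "out", "ports": (443, 443), "cidr": "0.0.0.0/0"},
    {"id": 5, "dir": "in",  "ports": (22, 22),   "cidr": "0.0.0.0/0"},
]

# Policy from the explanation: (direction, port, only_if_open_to_any, reason)
POLICY = [
    ("in", 80, False, "cleartext HTTP; serve HTTPS on 443 instead"),
    ("out", 25, False, "web servers do not need to send SMTP"),
    ("in", 22, True, "SSH open to any source; restrict to admin host or bastion"),
]

def open_to_any(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 matches every address)."""
    return ip_network(cidr, strict=False).prefixlen == 0

def audit(rules):
    """Return [(rule_id, reason)] for rules that violate POLICY."""
    findings = []
    for rule in rules:
        low, high = rule["ports"]
        for direction, port, any_only, reason in POLICY:
            # A rule matches when its direction agrees and its range covers the port.
            if rule["dir"] != direction or not (low <= port <= high):
                continue
            if any_only and not open_to_any(rule["cidr"]):
                continue  # e.g. SSH limited to a bastion host is acceptable
            findings.append((rule["id"], reason))
    return findings

def rules_to_remove(rules):
    """Sorted, de-duplicated ids of rules with at least one finding."""
    return sorted({rule_id for rule_id, _ in audit(rules)})

if __name__ == "__main__":
    for rule_id, reason in audit(RULES):
        print(f"rule {rule_id}: {reason}")
```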