A company operates a web application that runs on Amazon EC2 instances. The application listens on port 80 and port 443. The company uses an Application Load Balancer (ALB) with AWS WAF to terminate SSL and to forward traffic to the application instances only on port 80. The ALB is in public subnets that are associated with a network ACL that is named NACL. The application instances are in dedicated…

Admin Staff asked 7 months ago
A company operates a web application that runs on Amazon EC2 instances. The application listens on port 80 and port 443. The company uses an Application Load Balancer (ALB) with AWS WAF to terminate SSL and to forward traffic to the application instances only on port 80.
The ALB is in public subnets that are associated with a network ACL that is named NACL. The application instances are in dedicated private subnets that are associated with a network ACL that is named NACL2. An Amazon RDS for PostgreSQL DB instance that uses port 5432 is in a dedicated private subnet that is associated with a network ACL that is named NACL3. All the network ACLs currently allow all inbound and outbound traffic.
Which set of network ACL changes will increase the security of the application while ensuring functionality?

A. Make the following changes to NACL3: Add a rule that allows inbound traffic on port 5432 from NACL2. Add a rule that allows outbound traffic on ports 1024-65536 to NACL2. Remove the default rules that allow all inbound and outbound traffic.

B. Make the following changes to NACL3: Add a rule that allows inbound traffic on port 5432 from the CIDR blocks of the application instance subnets. Add a rule that allows outbound traffic on ports 1024-65536 to the application instance subnets. Remove the default rules that allow all inbound and outbound traffic.

C. Make the following changes to NACL2: Add a rule that allows outbound traffic on port 5432 to the CIDR blocks of the RDS subnets. Remove the default rules that allow all inbound and outbound traffic.

D. Make the following changes to NACL2: Add a rule that allows inbound traffic on port 5432 from the CIDR blocks of the RDS subnets. Add a rule that allows outbound traffic on port 5432 to the RDS subnets.

Suggested Answer: D

Community Answer: B
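As an added illustration (not part of the question or of this site's content), the following Python model evaluates stateless network ACL rules the way AWS does, using the NACL3 rule set that option B describes and constructed subnet CIDRs that the question does not give. It shows why the outbound ephemeral-port rule must accompany the inbound port 5432 rule once the default allow-all rules are removed, and that traffic from any other subnet is then denied.

```python
import ipaddress
from dataclasses import dataclass

# Constructed subnet CIDRs (assumed; the question does not state them).
APP_SUBNET = "10.0.2.0/24"   # application instances, governed by NACL2
RDS_SUBNET = "10.0.3.0/24"   # RDS for PostgreSQL, governed by NACL3

@dataclass(frozen=True)
class Rule:
    number: int       # NACL rules are evaluated in ascending order; first match wins
    direction: str    # "in" or "out"
    port_from: int
    port_to: int
    cidr: str         # source CIDR for inbound rules, destination CIDR for outbound
    action: str       # "allow" or "deny"

def nacl_permits(rules, direction, port, ip):
    """Stateless evaluation: the lowest-numbered matching rule decides.
    With no match, the implicit '*' rule denies the packet."""
    addr = ipaddress.ip_address(ip)
    for r in sorted(rules, key=lambda r: r.number):
        if (r.direction == direction and r.port_from <= port <= r.port_to
                and addr in ipaddress.ip_network(r.cidr)):
            return r.action == "allow"
    return False

def postgres_flow_allowed(nacl3, app_ip="10.0.2.10", src_port=49152):
    """A TCP connection crosses NACL3 twice: the request inbound to port 5432 and
    the reply outbound to the client's ephemeral source port. Both must be allowed,
    because a network ACL keeps no connection state."""
    request_ok = nacl_permits(nacl3, "in", 5432, app_ip)
    reply_ok = nacl_permits(nacl3, "out", src_port, app_ip)
    return request_ok and reply_ok

# NACL3 as option B describes it, after the default allow-all rules are removed.
# (The highest valid port in a NACL rule is 65535.)
NACL3_OPTION_B = [
    Rule(100, "in", 5432, 5432, APP_SUBNET, "allow"),
    Rule(100, "out", 1024, 65535, APP_SUBNET, "allow"),
]

# The same NACL without the return-traffic rule: requests arrive, replies are dropped.
NACL3_NO_RETURN = [Rule(100, "in", 5432, 5432, APP_SUBNET, "allow")]

if __name__ == "__main__":
    print("option B rule set:", postgres_flow_allowed(NACL3_OPTION_B))      # True
    print("without return rule:", postgres_flow_allowed(NACL3_NO_RETURN))   # False
    # A host in a different (constructed) subnet is denied by the implicit '*' rule.
    print("other subnet:", nacl_permits(NACL3_OPTION_B, "in", 5432, "10.0.1.5"))  # False
```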

This question appears in the SCS-C01 AWS Certified Security – Specialty exam.