Topic 1 Question 25
While securing the connection between a company’s VPC and its on-premises data center, a security engineer sent a ping command from an on-premises host (IP address 203.0.113.12) to an Amazon EC2 instance (IP address 172.31.16.139). The ping command did not return a response. The flow log in the VPC showed the following:
What action should be performed to allow the ping to work?
A. In the security group of the EC2 instance, allow inbound ICMP traffic.
B. In the security group of the EC2 instance, allow outbound ICMP traffic.
C. In the VPC’s NACL, allow inbound ICMP traffic.
D. In the VPC’s NACL, allow outbound ICMP traffic.
Comments (14)
For the security group, the outbound rule is automatically allowed as security groups are stateful; NACL is stateless, so the answer will be D, as we need to allow the outbound rule in the VPC's NACL.
👍 4 i7ovemyself 2024/02/26
Selected answer: D
NACLs are stateless and do not track the state of a connection, while Security Groups are stateful and allow traffic based on the response to previous traffic.
Default rule: NACLs have a default rule that denies all traffic, while Security Groups have a default rule that allows all traffic.
👍 3 Christina666 2023/11/18
👍 2 aragon_saa 2023/10/02
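The stateful/stateless reasoning in the comments can be applied mechanically to flow log records. The following is an added example, not part of the original page or its comments: the records are constructed in the default version 2 flow log format using the question's two IP addresses, with placeholder account and interface IDs, and do not reproduce the flow log shown in the question.

```python
from collections import namedtuple

# Default (version 2) VPC flow log record layout.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)

# Constructed sample records (placeholder account and ENI ids); protocol 1 = ICMP.
SAMPLE = [
    "2 111122223333 eni-0example 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK",
    "2 111122223333 eni-0example 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK",
    "2 111122223333 eni-0example 198.51.100.7 172.31.16.139 40022 22 6 1 40 1432917027 1432917142 REJECT OK",
    "2 111122223333 eni-0example - - - - - - - 1432917027 1432917142 - NODATA",
]

def parse(line):
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return Record(*parts)

def diagnose(lines, instance_ip):
    """Map (peer, protocol, peer_port, local_port) -> verdict for one instance."""
    flows = {}
    for rec in map(parse, lines):
        if rec.log_status != "OK":          # NODATA / SKIPDATA carry no traffic
            continue
        if rec.dstaddr == instance_ip:      # traffic arriving at the instance
            direction, key = "in", (rec.srcaddr, rec.protocol, rec.srcport, rec.dstport)
        elif rec.srcaddr == instance_ip:    # traffic leaving the instance
            direction, key = "out", (rec.dstaddr, rec.protocol, rec.dstport, rec.srcport)
        else:
            continue
        flows.setdefault(key, {}).setdefault(direction, set()).add(rec.action)

    verdicts = {}
    for key, seen in flows.items():
        inbound, outbound = seen.get("in", set()), seen.get("out", set())
        if "ACCEPT" in inbound and "REJECT" in outbound:
            # Request passed NACL and security group; a stateful security group
            # would let the reply out, so the stateless NACL dropped it.
            verdicts[key] = "reply blocked by NACL outbound rules"
        elif "REJECT" in inbound:
            verdicts[key] = "blocked inbound by security group or NACL"
        elif "ACCEPT" in inbound and "ACCEPT" in outbound:
            verdicts[key] = "allowed in both directions"
        else:
            verdicts[key] = "inconclusive"
    return verdicts
```

For ICMP both ports are logged as 0, so the pairing cannot tell a reply from an instance-initiated ping; the first verdict assumes the inbound record is the request.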