Topic 1 Question 196
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.
Which solution will meet this requirement?
A. Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance.
B. Use VPC flow logs with Amazon Athena to block traffic to the external IP address.
C. Create a network ACL. Add an outbound deny rule for traffic to the external IP address.
D. Create a new security group to block traffic to the external IP address. Assign the new security group to the entire VPC.
Comments (3)
Security groups are out because you allow traffic using security groups, not block it. VPC flow logs with Athena? How can that help? And the ACL outbound rule to block the IP? ACL makes the most sense because if the IP is the destination, the outbound rule to block will do. However, it would make more sense to modify the existing ACL, because a subnet can be associated with only one ACL. So I am going to say C is the correct one.
👍 4 beznika 2022/12/18 - Selected answer: C
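As an added illustration of why C works and why the rule number matters (this is not part of the original question or of any commenter's post): network ACL entries are evaluated in ascending rule-number order and the first match wins, so an outbound deny for the GuardDuty destination must be numbered below the existing allow-all rule, and since a subnet has exactly one NACL the entry is added to the NACL already associated with the instance's subnet. The NACL below is a constructed sample shaped like boto3's describe_network_acls() output; the NACL id and the IP addresses are placeholders, not real infrastructure. The CLI command it emits uses only documented flags of aws ec2 create-network-acl-entry.

```python
"""Model NACL rule evaluation and insert an outbound deny for a suspicious IP.

Constructed example: the NACL dict mimics the shape of boto3
describe_network_acls() output for the default NACL AWS creates
(allow-all at rule 100, implicit '*' deny shown as 32767). No AWS
calls are made; the function only builds the CLI command to run.
"""
import ipaddress

# Constructed placeholder NACL (not a real account).
SAMPLE_NACL = {
    "NetworkAclId": "acl-0123456789abcdef0",  # placeholder id
    "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    ],
}

# Constructed destination from the TEST-NET-3 documentation range, standing in
# for the unrecognised IP in the GuardDuty finding.
SUSPICIOUS_IP = "203.0.113.45"


def evaluate(nacl, dst_ip, egress=True):
    """Return (RuleAction, RuleNumber) that applies to a packet to dst_ip.

    Mirrors NACL semantics: entries in one direction are checked in
    ascending rule-number order and the first CIDR match decides.
    """
    dst = ipaddress.ip_address(dst_ip)
    entries = [e for e in nacl["Entries"] if e["Egress"] == egress]
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        cidr = e.get("CidrBlock") or e.get("Ipv6CidrBlock")
        # ip_network.__contains__ returns False across IP versions, so a
        # v6-only entry never matches a v4 destination and vice versa.
        if cidr and dst in ipaddress.ip_network(cidr):
            return e["RuleAction"], e["RuleNumber"]
    return "deny", "*"  # nothing matched: implicit deny


def next_deny_rule_number(nacl, egress=True):
    """Lowest unused rule number below the first allow, so the deny is hit first."""
    same_dir = [e for e in nacl["Entries"] if e["Egress"] == egress]
    used = {e["RuleNumber"] for e in same_dir}
    first_allow = min((e["RuleNumber"] for e in same_dir if e["RuleAction"] == "allow"),
                      default=32767)
    for n in range(1, first_allow):
        if n not in used:
            return n
    raise ValueError("no free rule number below the first allow rule; renumber the allow rules")


def add_outbound_deny(nacl, dst_ip):
    """Return (updated NACL copy, CLI command) adding a host-specific egress deny."""
    dst = ipaddress.ip_address(dst_ip)
    n = next_deny_rule_number(nacl, egress=True)
    if dst.version == 4:
        cidr_key, cidr, cli_flag = "CidrBlock", f"{dst}/32", "--cidr-block"
    else:
        cidr_key, cidr, cli_flag = "Ipv6CidrBlock", f"{dst}/128", "--ipv6-cidr-block"
    entry = {"RuleNumber": n, "Protocol": "-1", "RuleAction": "deny", "Egress": True, cidr_key: cidr}
    updated = {**nacl, "Entries": nacl["Entries"] + [entry]}
    cli = (
        f"aws ec2 create-network-acl-entry --network-acl-id {nacl['NetworkAclId']} "
        f"--rule-number {n} --protocol -1 --rule-action deny --egress {cli_flag} {cidr}"
    )
    return updated, cli


if __name__ == "__main__":
    print("before:", evaluate(SAMPLE_NACL, SUSPICIOUS_IP))
    new_nacl, cmd = add_outbound_deny(SAMPLE_NACL, SUSPICIOUS_IP)
    print("after: ", evaluate(new_nacl, SUSPICIOUS_IP))
    print("other: ", evaluate(new_nacl, "198.51.100.7"))
    print(cmd)
```

Two practitioner caveats the model makes visible: a deny numbered above 100 would never be reached in the sample NACL because the allow-all at 100 matches first, and the rule is egress-only because the finding names the IP as a destination; NACLs are stateless, so blocking egress also stops the instance from opening new connections regardless of any security group, which can only contain allow rules.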
Answer is C; an ACL is the only way to block outbound traffic.
👍 2 zolthar_z 2022/12/20
C, best way to block outbound traffic, but I'm not sure why you need to create a new NACL instead of adding the rule to the existing one.
👍 1 pepecastr0 2023/06/06