PrepAway - Latest Free Exam Questions & Answers

Which of the following is the best method to quickly and temporarily deny access from the specified IP address

You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access from
the offending IP address block be denied tor the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the
specified IP address block?

PrepAway - Latest Free Exam Questions & Answers

A.
Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny
access from the IP address block

B.
Modify the Network ACLs associated with all public subnets in the VPC to deny access from the
IP address block

C.
Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

D.
Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your
organization uses in that VPC to deny access from the IP address block

Explanation:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

16 Comments on “Which of the following is the best method to quickly and temporarily deny access from the specified IP address

  2. Anuj says:

    A.

    It would be best to Block at Router Layer not instance on instance layer. ACL blocks on router level while security groups block on instance level.




    0



    1
    2. Rob says:

      Then your answer is B, not A!
      And its not about “router layer”, you actually don’t have access to the router. The question centers in “denying” and IP or IP’s, and the only way to do that is using NACLs.

      So final Answer is B.




      0



      0
  9. Hank Mort says:

    the questions are very close to the actual exam. yes I have and they work. don’t rely on the answers though and do your research.




    1



    0

Leave a Reply

Your email address will not be published. Required fields are marked *