AWS SAA-C03 · Question 14 · Domain 1.2: Secure Workloads
A company is deploying a new application on Amazon EC2 instances. The security team requires that all network traffic to and from the instances be strictly controlled. Specifically, they want to block traffic from a known malicious IP address at the subnet level, and only allow HTTP/HTTPS traffic to the instances. <br/><br/>Which TWO actions should the solutions architect take? (Select TWO.)
Answer options:
Create a Network ACL and add a deny rule for the malicious IP address.
Configure a Security Group to deny traffic from the malicious IP address.
Configure a Security Group to allow inbound HTTP and HTTPS traffic and attach it to the EC2 instances.
Create an AWS WAF rule to block the malicious IP address and attach it to the EC2 instances.
Modify the VPC Route Table to route traffic from the malicious IP to a blackhole.
65 questions · hints · full answers · grading
Expert