Amazon Exam PAS-C01 Topic 1 Question 52 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 52
Topic #: 1

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC. While monitoring the environment, the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.

Which solution will meet this requirement?


Contribute your Thoughts:

Kayleigh
14 days ago
Hmm, I wonder if the company has tried turning it off and on again? Just kidding, but seriously, these port scans sound like a real headache. I hope they find a quick fix!
upvoted 0 times
...
Tran
19 days ago
D? Really? Configuring the firewall on each individual EC2 instance sounds like a lot of work. I'd avoid that and go for a more centralized solution.
upvoted 0 times
...
Filiberto
21 days ago
Option C is an interesting choice, but I'm not sure if an IAM policy is the best fit for this scenario. It might be overkill and could be more complex to manage.
upvoted 0 times
Jeffrey
3 days ago
A: I think option A is the best choice. Modifying network ACLs will block access from the offending IP address block.
upvoted 0 times
...
...
Leatha
1 month ago
I'd go with B. Updating the security group rules for the EC2 instances is a more targeted approach, and it's less likely to impact other resources in the VPC.
upvoted 0 times
Dona
9 days ago
B) Add a rule in the security group of the EC2 instances to deny access from the IP address block
upvoted 0 times
...
...
Louvenia
2 months ago
Option A seems like the way to go. Modifying the network ACLs for the public subnets is the most effective way to deny access from the offending IP address block across the entire VPC.
upvoted 0 times
Lonna
20 days ago
User 2: I agree. It's important to deny access across the entire VPC to prevent any further port scans.
upvoted 0 times
...
Chaya
1 month ago
User 1: I think option A is the best choice. Modifying the network ACLs for the public subnets will block access from the offending IP address block.
upvoted 0 times
...
...
Shelba
2 months ago
But wouldn't creating a policy in IAM be a more secure option?
upvoted 0 times
...
Stacey
2 months ago
I disagree, I believe adding a rule in the security group of the EC2 instances is more effective.
upvoted 0 times
...
Shelba
2 months ago
I think the best solution is to modify network ACLs in the VPC.
upvoted 0 times
...
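
Several replies above favor a network ACL deny rule. As an added example (not part of the original thread), this Python sketch models how a network ACL evaluates inbound rules, lowest rule number first with the first match deciding, and flags a deny entry that sits behind an overlapping allow. The rule numbers, the 203.0.113.0/24 block, and port 443 are constructed sample values, not details from the question.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NaclRule:
    number: int      # lower numbers are evaluated first
    cidr: str        # source CIDR for an inbound rule
    port_from: int
    port_to: int
    action: str      # "allow" or "deny"

def evaluate(rules, src_ip, dst_port):
    """Return (action, rule_number) for an inbound TCP packet; first match wins."""
    src = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.number):
        if src in ipaddress.ip_network(r.cidr) and r.port_from <= dst_port <= r.port_to:
            return r.action, r.number
    return "deny", None  # the implicit final '*' rule denies whatever matched nothing

def preempted_denies(rules):
    """List (deny_no, allow_no) pairs where a lower-numbered allow overlaps the deny
    in both source range and ports, so some traffic the deny targets is admitted."""
    pairs = []
    for d in (r for r in rules if r.action == "deny"):
        d_net = ipaddress.ip_network(d.cidr)
        for a in (r for r in rules if r.action == "allow" and r.number < d.number):
            ports_overlap = a.port_from <= d.port_to and d.port_from <= a.port_to
            if ports_overlap and d_net.overlaps(ipaddress.ip_network(a.cidr)):
                pairs.append((d.number, a.number))
    return pairs

# Constructed sample data: documentation address ranges, HTTPS as the portal port.
SCANNER_BLOCK = "203.0.113.0/24"
BASELINE = [NaclRule(100, "0.0.0.0/0", 443, 443, "allow")]
DENY_TOO_LATE = BASELINE + [NaclRule(200, SCANNER_BLOCK, 0, 65535, "deny")]
DENY_FIRST = BASELINE + [NaclRule(90, SCANNER_BLOCK, 0, 65535, "deny")]

if __name__ == "__main__":
    for name, acl in (("deny at 200", DENY_TOO_LATE), ("deny at 90", DENY_FIRST)):
        print(name, evaluate(acl, "203.0.113.7", 443), preempted_denies(acl))
```

Because the block is only required for 24 hours, note the rule number of the deny entry when it is added so it can be deleted once the window ends.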
