Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon PAS-C01 Exam - Topic 1 Question 52 Discussion

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.Which solution win meet this requirement?
C) Create a policy in AWS identity and Access Management (1AM) to deny access from the IP address block and D) Configure the firewall m the operating system of the EC2 instances to deny access from the IP address block
A) Modify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block
B) Add a rule in the security group of the EC2 instances to deny access from the IP address block

Amazon PAS-C01 Exam - Topic 1 Question 52 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 52
Topic #: 1
[All PAS-C01 Questions]

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.

Which solution win meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: C, D, F

https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/security.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/sap-monitoring.html


by Donte at Jan 22, 2025, 03:38 PM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Merlyn
6 months ago
Totally agree with A, it's the most effective way to secure the VPC!
upvoted 0 times
...
Adelina
6 months ago
Wait, can you really just block an entire IP block like that?
upvoted 0 times
...
Tequila
7 months ago
D is a bit risky, better to handle it at the VPC level.
upvoted 0 times
...
Alyssa
7 months ago
I think B could work too, but A seems more comprehensive.
upvoted 0 times
...
Tori
7 months ago
A is the best option for this scenario.
upvoted 0 times
...
Starr
7 months ago
I think configuring the firewall on the EC2 instances could work, but it might be more complicated than just using network ACLs. I’m torn between A and D.
upvoted 0 times
...
Aleta
7 months ago
I feel like IAM policies are more about permissions rather than network access, so option C doesn’t seem right to me.
upvoted 0 times
...
Zena
8 months ago
I remember a practice question where we had to deny access using security groups. It seems like option B might be a good choice, but I’m not confident it would apply to all instances either.
upvoted 0 times
...
Tegan
8 months ago
I think modifying the network ACLs could be the right approach since they apply at the subnet level, but I'm not entirely sure if they would cover all instances.
upvoted 0 times
...
Lewis
8 months ago
I think the key here is to deny access from the specific IP address block, so modifying the network ACLs associated with the public subnets seems like the most straightforward solution. That way, we can easily block the offending IPs across the entire VPC.
upvoted 0 times
...
Nathalie
8 months ago
The operating system firewall option seems a bit too specific and might not be the most scalable solution, especially if we have multiple instances. I'd lean more towards the network ACL or security group approach.
upvoted 0 times
...
Marsha
8 months ago
Hmm, I'm a bit unsure about the IAM policy option. Does that really apply to network-level access control? I'll need to double-check the IAM documentation to be sure.
upvoted 0 times
...
Elly
8 months ago
This seems like a straightforward network security question. I'd start by looking at the options that directly address the VPC network access, like modifying the network ACLs or security groups.
upvoted 0 times
...
Kayleigh
1 year ago
Hmm, I wonder if the company has tried turning it off and on again? Just kidding, but seriously, these port scans sound like a real headache. I hope they find a quick fix!
upvoted 0 times
Alonso
12 months ago
D: Configuring the firewall in the operating system could be another way to deny access.
upvoted 0 times
...
Lamonica
12 months ago
C: Creating a policy in AWS IAM might be a good option too.
upvoted 0 times
...
Tish
12 months ago
B: Yeah, adding a rule in the security group of the EC2 instances could also work.
upvoted 0 times
...
Rebbecca
1 year ago
A: I think modifying the network ACLs in the VPC is the best solution.
upvoted 0 times
...
...
Tran
1 year ago
D? Really? Configuring the firewall on each individual EC2 instance sounds like a lot of work. I'd avoid that and go for a more centralized solution.
upvoted 0 times
...
Filiberto
1 year ago
Option C is an interesting choice, but I'm not sure if an IAM policy is the best fit for this scenario. It might be overkill and could be more complex to manage.
upvoted 0 times
Jonell
12 months ago
A: Let's go with option A then. It's the most efficient way to handle the situation.
upvoted 0 times
...
Billy
12 months ago
B: I agree with A. It's a straightforward solution to deny access.
upvoted 0 times
...
Jeffrey
1 year ago
A: I think option A is the best choice. Modifying network ACLs will block access from the offending IP address block.
upvoted 0 times
...
...
Leatha
1 year ago
I'd go with B. Updating the security group rules for the EC2 instances is a more targeted approach, and it's less likely to impact other resources in the VPC.
upvoted 0 times
Roselle
12 months ago
Agreed. It's important to minimize impact on other resources.
upvoted 0 times
...
Man
12 months ago
That makes sense. It's a focused solution.
upvoted 0 times
...
Dona
1 year ago
B) Add a rule in the security group of the EC2 instances to deny access from the IP address block
upvoted 0 times
...
...
Louvenia
1 year ago
Option A seems like the way to go. Modifying the network ACLs for the public subnets is the most effective way to deny access from the offending IP address block across the entire VPC.
upvoted 0 times
Lonna
1 year ago
User 2: I agree. It's important to deny access across the entire VPC to prevent any further port scans.
upvoted 0 times
...
Chaya
1 year ago
User 1: I think option A is the best choice. Modifying the network ACLs for the public subnets will block access from the offending IP address block.
upvoted 0 times
...
...
Shelba
1 year ago
But wouldn't creating a policy in IAM be a more secure option?
upvoted 0 times
...
Stacey
1 year ago
I disagree, I believe adding a rule in the security group of the EC2 instances is more effective.
upvoted 0 times
...
Shelba
1 year ago
I think the best solution is to modify network ACLs in the VPC.
upvoted 0 times
...

Save Cancel