Amazon SCS-C02 Exam - Topic 6 Question 31 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 31
Topic #: 6

An AWS account that is used for development projects has a VPC that contains two subnets. The first subnet is named public-subnet-1 and has the CIDR block 192.168.1.0/24 assigned. The other subnet is named private-subnet-2 and has the CIDR block 192.168.2.0/24 assigned. Each subnet contains Amazon EC2 instances.

Each subnet is currently using the VPC's default network ACL. The security groups that the EC2 instances in these subnets use have rules that allow traffic between each instance where required. Currently, all network traffic flow is working as expected between the EC2 instances that are using these subnets.

A security engineer creates a new network ACL that is named subnet-2-NACL with default entries. The security engineer immediately configures private-subnet-2 to use the new network ACL and makes no other changes to the infrastructure. The security engineer starts to receive reports that the EC2 instances in public-subnet-1 and private-subnet-2 cannot communicate with each other.

Which combination of steps should the security engineer take to allow the EC2 instances that are running in these two subnets to communicate again? (Select TWO.)

Suggested Answer: C
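The mechanics this question turns on, as an added example that is not part of the original page or the exam: a newly created network ACL carries only the deny-all `*` entry in each direction, numbered rules are evaluated lowest number first, and because network ACLs are stateless the request and its reply are checked independently, so the outbound direction of subnet-2-NACL has to be opened as well as the inbound one. The host addresses, rule numbers and rule sets are constructed; inbound rules are matched on a packet's source address and outbound rules on its destination.

```python
import ipaddress

# Constructed rule sets for illustration. Numbered entries are evaluated lowest
# number first; the trailing "*" entry every network ACL carries is an implicit
# deny. A newly created custom NACL has only that "*" entry in each direction,
# whereas the VPC's default NACL allows all traffic both ways.
DEFAULT_NACL = {
    "inbound":  [(100, "0.0.0.0/0", "allow")],
    "outbound": [(100, "0.0.0.0/0", "allow")],
}
NEW_CUSTOM_NACL = {"inbound": [], "outbound": []}   # only the "*" deny entries

def evaluate(rules, address):
    """Stateless check of one direction: lowest-numbered matching rule wins;
    if nothing matches, the '*' deny applies. Returns 'allow' or 'deny'."""
    ip = ipaddress.ip_address(address)
    for _number, cidr, action in sorted(rules):
        if ip in ipaddress.ip_network(cidr):
            return action
    return "deny"

def flow_allowed(src_ip, src_nacl, dst_ip, dst_nacl):
    """True if a request from src to dst AND its reply both pass. Outbound rules
    are matched on the destination, inbound rules on the source, and nothing is
    remembered between the two packets: that is what 'stateless' means here."""
    checks = [
        evaluate(src_nacl["outbound"], dst_ip),   # request leaves subnet 1
        evaluate(dst_nacl["inbound"], src_ip),    # request enters subnet 2
        evaluate(dst_nacl["outbound"], src_ip),   # reply leaves subnet 2
        evaluate(src_nacl["inbound"], dst_ip),    # reply enters subnet 1
    ]
    return all(c == "allow" for c in checks)

def with_rules(nacl, inbound=(), outbound=()):
    """Copy of nacl with extra (rule_number, cidr, action) entries appended."""
    return {"inbound": list(nacl["inbound"]) + list(inbound),
            "outbound": list(nacl["outbound"]) + list(outbound)}

A, B = "192.168.1.10", "192.168.2.20"   # constructed hosts in the two subnets

if __name__ == "__main__":
    # Right after the swap: the request into private-subnet-2 is dropped.
    print(flow_allowed(A, DEFAULT_NACL, B, NEW_CUSTOM_NACL))   # False
    # Inbound rule alone: the request gets in, but the reply is dropped going out.
    half = with_rules(NEW_CUSTOM_NACL, inbound=[(100, "192.168.1.0/24", "allow")])
    print(flow_allowed(A, DEFAULT_NACL, B, half))              # False
    # Both directions opened for the peer subnet's CIDR: flow restored.
    full = with_rules(half, outbound=[(100, "192.168.1.0/24", "allow")])
    print(flow_allowed(A, DEFAULT_NACL, B, full))              # True
```

Swapping the two NACL arguments shows the same result for a connection initiated from private-subnet-2, since the reply direction then needs the inbound entry.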

Contribute your Thoughts:

Nelida
3 months ago
I think they also need to check the default NACL settings too.
upvoted 0 times
Gregg
3 months ago
Adding an outbound rule for 192.168.2.0/24 in subnet-2-NACL should fix it.
upvoted 0 times
Jesusita
3 months ago
Wait, why would they change the NACL without checking the rules first?
upvoted 0 times
Lavina
4 months ago
Definitely need to add an inbound rule for 192.168.1.0/24 in subnet-2-NACL.
upvoted 0 times
Carol
4 months ago
The new NACL is blocking traffic between the subnets.
upvoted 0 times
Mee
4 months ago
I feel like we might need to add rules in both directions, but I can't recall if we should start with inbound or outbound first.
upvoted 0 times
Alisha
4 months ago
I practiced a similar question where we had to adjust NACLs for communication between subnets. I think we need to allow traffic from 192.168.1.0/24 in subnet-2-NACL.
upvoted 0 times
Georgeanna
4 months ago
I'm a bit unsure about which subnet's NACL to modify. Should we be focusing on subnet-2-NACL or the default one?
upvoted 0 times
Val
5 months ago
I remember that network ACLs are stateless, so I think we need to add rules for both inbound and outbound traffic.
upvoted 0 times
Chantay
5 months ago
Ah, I think I've got it. The security engineer needs to add an outbound allow rule for the 192.168.2.0/24 CIDR block in the subnet-2-NACL, and an inbound allow rule for the 192.168.1.0/24 CIDR block in the same network ACL. That should restore the communication between the instances.
upvoted 0 times
Carline
5 months ago
I'm a bit confused here. The question mentions that the security groups are configured correctly, so the issue must be with the network ACL. I'll need to review the CIDR blocks and the rules in the new network ACL to determine the best solution.
upvoted 0 times
Kami
5 months ago
Hmm, this seems like a tricky one. I'll need to carefully analyze the network setup and the changes made to the network ACL.
upvoted 0 times
Cherrie
5 months ago
Okay, let me think this through. The issue is that the EC2 instances in the public subnet can't communicate with the ones in the private subnet after the new network ACL was applied. I'll need to figure out the right combination of rules to restore the connectivity.
upvoted 0 times
Mignon
5 months ago
Okay, I think I've got a good handle on this. The key seems to be balancing the interests of the shareholders with the long-term strategy of the company. I'll focus on options that maximize shareholder value while also protecting the company's future.
upvoted 0 times
Aleshia
10 months ago
I bet the security engineer is scratching their head over this one. Maybe they should consult the AWS documentation - it's the holy grail for these kinds of questions!
upvoted 0 times
Winfred
9 months ago
Consulting the AWS documentation is always a good idea!
upvoted 0 times
Barney
9 months ago
B) Add an inbound allow rule for 192.168.1.0/24 in subnet-2-NACL.
upvoted 0 times
Stephaine
9 months ago
A) Add an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL.
upvoted 0 times
Jeanice
9 months ago
The security engineer should definitely check the AWS documentation for guidance.
upvoted 0 times
Frank
10 months ago
C) Add an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL.
upvoted 0 times
Shawnna
10 months ago
A) Add an outbound allow rule for 192.168.2.0/24 in the VPC's default network ACL.
upvoted 0 times
Deeanna
10 months ago
This is a tricky one, but I think the security engineer should go with C and D. Gotta love those network ACL shenanigans!
upvoted 0 times
Rashad
10 months ago
Haha, this question is a classic! The security engineer needs to remember that network ACLs are stateless, so they need to add rules for both inbound and outbound traffic. C and D are the way to go.
upvoted 0 times
Kanisha
9 months ago
Good to know! Thanks for the explanation.
upvoted 0 times
Gracia
9 months ago
Yes, and adding an inbound allow rule for 192.168.1.0/24 in subnet-2-NACL will allow communication from public-subnet-1 to private-subnet-2.
upvoted 0 times
Emiko
9 months ago
Exactly! Those are the correct steps to take.
upvoted 0 times
Elly
10 months ago
Exactly! Adding an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL will allow communication from private-subnet-2 to public-subnet-1.
upvoted 0 times
Shawn
10 months ago
D) Add an inbound allow rule for 192.168.1.0/24 in subnet-2-NACL.
upvoted 0 times
Virgina
10 months ago
C) Add an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL.
upvoted 0 times
Bette
10 months ago
I'm not sure about that. Maybe we should also consider adding an outbound allow rule for 192.168.1.0/24 in the VPC's default network ACL.
upvoted 0 times
Willetta
11 months ago
I'm pretty sure the answer is C and E. Why would we need to touch the VPC's default network ACL? That seems like overkill.
upvoted 0 times
Rusty
10 months ago
So the correct combination would be C, E, and also D. Thanks for pointing that out.
upvoted 0 times
Jackie
10 months ago
You're correct, we should add an inbound rule in subnet-2-NACL as well.
upvoted 0 times
Aleisha
10 months ago
But wouldn't adding an inbound rule in subnet-2-NACL also be necessary?
upvoted 0 times
Naomi
10 months ago
I think you're right, C and E should do the trick.
upvoted 0 times
Justine
11 months ago
The correct answers are C and D. By adding an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL and an inbound allow rule for 192.168.1.0/24 in subnet-2-NACL, the security engineer can restore communication between the EC2 instances in the two subnets.
upvoted 0 times
Demetra
11 months ago
I agree with Elin. We also need to add an inbound allow rule for 192.168.1.0/24 in subnet-2-NACL.
upvoted 0 times
Elin
11 months ago
I think we should add an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL.
upvoted 0 times