vpc peering

Create a new peering connection Between Prod and Dev along with appropriate routes.

Create a new entry to Prod in the Dev route table using the peering connection as the target.

Attach a second gateway to Dev. Add a new entry in the Prod route table identifying the gateway as the target.

The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs.

The routing table of subnet A has no target route to subnet B

The security group attached to instance B does not allow inbound ICMP traffic

The policy linked to the IAM role on instance A is not configured correctly

The NACL on subnet B does not allow outbound ICMP traffic

The outbound security group needs to be modified to allow outbound traffic

The outbound network ACL needs to be modified to allow outbound traffic

Nothing, it can be accessed from any IP address using SSH

Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.

Security group restricts access to a Subnet while ACL restricts traffic to EC2

Security group restricts access to EC2 while ACL restricts traffic to a subnet

Security group can work outside the VPC also while ACL only works within a VPC

Network ACL performs stateless filtering and Security group provides stateful filtering

Security group can only set Allow rule, while ACL can set Deny rule also

Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

Add a rule to all of the VPCs Security Groups to deny access from the IP address block

Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block