A web application hosted on a fleet of EC2 instances managed by an Auto Scaling Group. You are exposing this application through an Application Load Balancer. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances' security group to ensure only the ALB can access them on port 80?

Add an Inbound Rule with port 80 and ALB's Security Group as the source

Add an Inbound Rule with port 80 and 0.0.0.0/0 as the source

Add an Inbound Rule with port 80 and 192.168.0.0/18 as the source

Load an SSL certificate on the ALB

Sec. 10: VPC Fundamentals

Authored by Renato Biz Martins

Instructional Technology

University

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

8 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Security Groups operate at the ................. level while NACLs operate at the ................. level.

EC2 instance, Subnet

Subnet, EC2 instance

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have attached an Internet Gateway to your VPC, but your EC2 instances still don't have access to the internet. What is NOT a possible issue?

Route Tables are missing entries

The EC2 instances don't have public IPs

The Security Group does not allow traffic in

The NACL does not allow network traffic out

Answer explanation

Security groups are stateful and if traffic can go out, then it can go back in.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You would like to provide Internet access to your EC2 instances in private subnets with IPv4 while making sure this solution requires the least amount of administration and scales seamlessly. What should you use?

NAT Instances with Source/Destination Check flag off

NAT Gateway

Egress Only Internet Gateway

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When using VPC Endpoints, what are the only two AWS services that have a Gateway Endpoint available?

Amazon S3 & Amazon SQS

Amazon SQS & DynamoDB

Amazon S3 & DynamoDB

Answer explanation

These two services have a VPC Gateway Endpoint (remember it), all the other ones have an Interface endpoint (powered by Private Link - means a private IP).

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have 3 VPCs A, B, and C. You want to establish a VPC Peering connection between all the 3 VPCs. What should you do?

Establish 3 VPC Peering connections (A-B, A-C, B-C)

As VPC Peering supports Transitive Peering, so you need to establish 2 VPC Peering connections (A-B, B-C)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How can you capture information about IP traffic inside your VPCs?

Enable VPC Traffic Mirroring

Enable VPC Flow Logs

Enable CloudWatch Traffic Logs

Answer explanation

VPC Flow Logs is a VPC feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You need to set up a dedicated connection between your on-premises corporate datacenter and AWS Cloud. This connection must be private, consistent, and traffic must not travel through the Internet. Which AWS service should you use?

Site-to-Site VPN

AWS PrivateLink

Amazon EventBridge

AWS Direct Connect

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

8 questions

AWS CLI

Quiz

•

University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Instructional Technology

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

5 questions

What is Presidents' Day?

Interactive video

•

10th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

20 questions

Mardi Gras History

Quiz

•

6th Grade - University

10 questions

The Roaring 20's Crash Course US History

Interactive video

•

11th Grade - University

17 questions

Review9_TEACHER

Quiz

•

University

Sec. 10: VPC Fundamentals

Security Groups operate at the ................. level while NACLs operate at the ................. level.

You have attached an Internet Gateway to your VPC, but your EC2 instances still don't have access to the internet. What is NOT a possible issue?

Security groups are stateful and if traffic can go out, then it can go back in.

You would like to provide Internet access to your EC2 instances in private subnets with IPv4 while making sure this solution requires the least amount of administration and scales seamlessly. What should you use?

When using VPC Endpoints, what are the only two AWS services that have a Gateway Endpoint available?

These two services have a VPC Gateway Endpoint (remember it), all the other ones have an Interface endpoint (powered by Private Link - means a private IP).

You have 3 VPCs A, B, and C. You want to establish a VPC Peering connection between all the 3 VPCs. What should you do?

How can you capture information about IP traffic inside your VPCs?

VPC Flow Logs is a VPC feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

You need to set up a dedicated connection between your on-premises corporate datacenter and AWS Cloud. This connection must be private, consistent, and traffic must not travel through the Internet. Which AWS service should you use?

This is the most secure way of ensuring only the ALB can access the EC2 instances. Referencing by security groups in rules is an extremely powerful rule and many questions at the exam rely on it. Make sure you fully master the concepts behind it!

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology