AWS Certified Security – Specialty (SCS-C02) — Question 218
A company is testing incident response procedures for destination containment. The company needs to contain a critical Amazon EC2 instance as quickly as possible while keeping the EC2 instance running. The EC2 instance is the only resource in a public subnet and has active connections to other resources.
Which solution will contain the EC2 instance IMMEDIATELY?
Answer options
- A. Create a new security group that has no inbound rules or outbound rules. Attach the new security group to the EC2 instance.
- B. Configure the existing security group for the EC2 instance. Remove all existing inbound rules and outbound rules from the security group.
- C. Create a new network ACL that has a single Deny rule for inbound traffic and outbound traffic. Associate the new network ACL with the subnet that contains the EC2 instance.
- D. Create a new VPC for isolation. Stop the EC2 instance. Create a new AMI from the EC2 instance. Use the new AMI to launch a new EC2 instance in the new VPC.
Correct answer: C
Explanation
Creating a new network ACL with a Deny rule for both inbound and outbound traffic, and associating it with the instance's subnet, contains the EC2 instance immediately: network ACLs are stateless, so the Deny rules are applied to every packet, including packets that belong to connections that were already established. Because the instance is the only resource in that public subnet, the subnet-wide block affects nothing else. The other options either do not take effect immediately or require stopping the instance, which is not permissible in this scenario. Options A and B rely on security groups, which are stateful and use connection tracking, so the instance's existing active connections can continue after the rules are removed or replaced until those flows time out. Option D requires stopping the instance and rebuilding it elsewhere, which neither keeps the instance running nor is immediate.