AWS Certified Security – Specialty — Question 40
A Security Engineer launches two Amazon EC2 instances in the same Amazon VPC but in separate Availability Zones. Each instance has a public IP address and is able to connect to external hosts on the internet. The two instances are able to communicate with each other by using their private IP addresses, but they are not able to communicate with each other when using their public IP addresses.
Which action should the Security Engineer take to allow communication over the public IP addresses?
Answer options
- A. Associate the instances to the same security groups.
- B. Add 0.0.0.0/0 to the egress rules of the instance security groups.
- C. Add the instance IDs to the ingress rules of the instance security groups.
- D. Add the public IP addresses to the ingress rules of the instance security groups.
Correct answer: D
Explanation
The correct answer is D because adding the public IP addresses to the ingress rules of the security groups allows each instance to accept traffic from the other over its public IP address. Options A, B, and C do not resolve the issue: a rule that references a security group (A) only matches traffic arriving from the private IP addresses of instances in that group, so traffic sent to a public IP is not matched; widening egress to 0.0.0.0/0 (B) does not change the ingress side, which is where the traffic is being dropped; and security group rules cannot reference instance IDs (C), so that option is not valid.