AWS Certified Solutions Architect – Associate (SAA-C02) — Question 103
A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.
What should a solutions architect recommend to the team?
Answer options
- A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
- B. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
- C. Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
- D. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.
Correct answer: C
Explanation
The correct answer is C because adding a deny rule in the inbound table of the network ACL with a lower rule number than the other rules ensures that it takes precedence over them, effectively blocking the suspicious traffic. Options A and B would not apply since we need to block inbound traffic, and option D addresses outbound traffic, which is not the primary concern in this scenario.