AWS Certified Solutions Architect – Professional — Question 56
A user has configured two security groups which allow traffic as given below:
1. SecGrp1:
   - Inbound on port 80 for 0.0.0.0/0
   - Inbound on port 22 for 0.0.0.0/0
2. SecGrp2:
   - Inbound on port 22 for 10.10.10.1/32
If both the security groups are associated with the same instance, which of the below mentioned statements is true?
Answer options
- A. It is not possible to have more than one security group assigned to a single instance
- B. It is not possible to create the security group with conflicting rules. AWS will reject the request
- C. It allows inbound traffic for everyone on both ports 22 and 80
- D. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80
Correct answer: C
Explanation
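The correct answer is C because SecGrp1 allows inbound traffic on both ports 22 and 80 from any IP address, and SecGrp2 does not restrict access for port 80. Security group rules are allow-only, and when several groups are attached to one instance their rules are aggregated into a single set, so SecGrp2's narrower port 22 rule does not limit what SecGrp1 already permits. Options A and B are incorrect because multiple security groups can be assigned to a single instance and AWS does allow rules that appear to conflict. Option D is also incorrect as it does not account for the open access on port 80.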