AWS Certified SysOps Administrator – Associate (legacy) — Question 170
A user has configured two security groups which allow traffic as given below:
1: SecGrp1:
Inbound on port 80 for 0.0.0.0/0
Inbound on port 22 for 0.0.0.0/0
2: SecGrp2:
Inbound on port 22 for 10.10.10.1/32
If both security groups are associated with the same instance, which of the following statements is true?
Answer options
- A. It is not possible to have more than one security group assigned to a single instance
- B. It allows inbound traffic for everyone on both ports 22 and 80
- C. It is not possible to create the security group with conflicting rules. AWS will reject the request
- D. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80
Correct answer: B
Explanation
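The correct answer is B. Security group rules are allow-only, and when several groups are attached to one instance their rules are combined into a single set, so traffic is permitted if any rule in any group matches. SecGrp1 permits inbound access on port 80 and on port 22 from all IPs, which means anyone can reach both ports; the narrower port 22 rule in SecGrp2 cannot take that access away. Option A is incorrect because multiple security groups can be assigned to an instance. Option C is false because AWS allows creating security groups with different rules. Option D is misleading because it implies a restriction to 10.10.10.1 on port 22 that does not exist with the given configuration.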
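The evaluation described in the explanation, as an added example that is not part of the original question: a simplified Python model of the two groups (port and source CIDR only; protocols, port ranges and group-to-group references are left out). The function names are assumptions made for this sketch, and 203.0.113.7 in the usage comment is a constructed documentation address.

```python
import ipaddress

# Rules copied from the question: (port, allowed source CIDR).
SEC_GRP_1 = [(80, "0.0.0.0/0"), (22, "0.0.0.0/0")]
SEC_GRP_2 = [(22, "10.10.10.1/32")]


def effective_rules(*groups):
    """Union of the allow rules of every group attached to the instance."""
    return [(port, ipaddress.ip_network(cidr))
            for group in groups for port, cidr in group]


def is_allowed(rules, src_ip, port):
    """Allow-only model: traffic passes if any single rule matches."""
    addr = ipaddress.ip_address(src_ip)
    return any(p == port and addr in net for p, net in rules)


def shadowed_rules(rules):
    """Rules that restrict nothing because a broader rule covers the same port."""
    found = []
    for port, net in rules:
        for other_port, other_net in rules:
            if other_port == port and other_net != net and net.subnet_of(other_net):
                found.append((port, str(net), str(other_net)))
    return found


def world_open_ports(rules):
    """Ports reachable from any source address (0.0.0.0/0)."""
    return sorted({port for port, net in rules if net.prefixlen == 0})


if __name__ == "__main__":
    rules = effective_rules(SEC_GRP_1, SEC_GRP_2)
    # Constructed source address outside 10.10.10.1/32.
    print("SSH from 203.0.113.7:", is_allowed(rules, "203.0.113.7", 22))
    print("World-open ports:", world_open_ports(rules))
    for port, narrow, broad in shadowed_rules(rules):
        print(f"port {port}: {narrow} is shadowed by {broad}")
```

To get the behaviour option D describes, the 0.0.0.0/0 rule for port 22 has to be removed from SecGrp1; attaching SecGrp2 alongside it changes nothing.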