AWS Certified SysOps Administrator – Associate (legacy) — Question 585

Can you change the security groups associated with the primary network interface (eth0) of an EC2 instance running inside a VPC?

Answer options

• A. Yes
• B. Only if the instance is stopped
• C. Only when the instance is launched
• D. No

Correct answer: A

Explanation

AWS allows you to dynamically change the security groups associated with any network interface, including the primary interface (eth0), of a running or stopped EC2 instance in a VPC. These changes take effect immediately without requiring an instance reboot or shutdown. Therefore, options B, C, and D are incorrect because they place unnecessary restrictions on when these modifications can occur.