AWS Certified SysOps Administrator – Associate (legacy) — Question 905

An Amazon EC2 instance is in a private subnet. SSH access to the instance is supposed to go only through a bastion host with the IP address 10.0.0.5. SSH logs on the
EC2 instance in the private subnet show that connections are being made over SSH from several other IP addresses. The EC2 instance currently has the following inbound security group rules applied:

Rule 1: Protocol TCP, Port 22, Source 10.0.0.5/32
Rule 2: Protocol TCP, Port 22, Source sg-xxxxxxxx
Rule 3: Protocol TCP, Port 389, Source 0.0.0.0/0

What is the MOST likely reason that other IP addresses are able to SSH to the EC2 instance?

Answer options

Correct answer: C

Explanation

The second port 22 rule uses the security group sg-xxxxxxxx as its source. A group-sourced rule is matched on the sending network interface's group membership, not on its IP address, so every instance (or other ENI) that carries sg-xxxxxxxx can reach port 22 from its own private IP. That is why the SSH logs show connections from several addresses other than 10.0.0.5. The 0.0.0.0/0 rule applies only to port 389 (LDAP) and does not open port 22 (it is a separate exposure worth tightening, but not the cause), and the /32 rule admits exactly one address. Outbound rules are irrelevant here: security groups are stateful, so an inbound connection is judged only by the inbound rules and its return traffic is allowed automatically; outbound rules never grant inbound SSH. The fix is to delete the sg-xxxxxxxx rule, or replace it with a reference to the bastion's own security group, so that port 22 is reachable only from the bastion. To see which interfaces currently carry sg-xxxxxxxx, list network interfaces filtered by that group ID (for example with describe-network-interfaces and the group-id filter) before removing the rule.
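The following is an added example, not part of the exam page: a small model of how inbound security group rules are evaluated, run over the three rules from the question and a constructed set of hosts. The host names, private IPs and group IDs other than sg-xxxxxxxx are assumptions. It shows that a host in sg-xxxxxxxx is admitted on port 22 by group membership alone, that the 0.0.0.0/0 rule never admits port 22, and that dropping the group-sourced rule leaves only the bastion with SSH access.

```python
"""Model of AWS security-group inbound evaluation (added example, not AWS code)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all traffic
    from_port: int
    to_port: int
    source: str        # CIDR such as "10.0.0.5/32" or a group ID such as "sg-xxxxxxxx"


@dataclass(frozen=True)
class Host:
    name: str
    private_ip: str
    groups: frozenset  # security groups attached to the host's ENI


# The three inbound rules from the question, in the order listed.
INSTANCE_RULES = [
    Rule("tcp", 22, 22, "10.0.0.5/32"),
    Rule("tcp", 22, 22, "sg-xxxxxxxx"),
    Rule("tcp", 389, 389, "0.0.0.0/0"),
]

# Constructed sample hosts; the bastion IP comes from the question, the rest are assumed.
BASTION_IP = "10.0.0.5"
HOSTS = [
    Host("bastion", BASTION_IP, frozenset({"sg-bastion"})),
    Host("app-1", "10.0.1.20", frozenset({"sg-xxxxxxxx"})),
    Host("app-2", "10.0.1.21", frozenset({"sg-xxxxxxxx", "sg-other"})),
    Host("other", "10.0.2.30", frozenset({"sg-other"})),
]


def rule_matches(rule, host, protocol, port):
    """True if a single inbound rule admits traffic from host on protocol/port."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.source.startswith("sg-"):
        # Group-sourced rule: matched on the sender's group membership, not its IP.
        return rule.source in host.groups
    return ipaddress.ip_address(host.private_ip) in ipaddress.ip_network(rule.source, strict=False)


def permitting_rule(rules, host, protocol, port):
    """First rule that admits the connection, or None (security groups deny by default)."""
    for rule in rules:
        if rule_matches(rule, host, protocol, port):
            return rule
    return None


def unexpected_ssh_sources(rules, hosts, bastion_ip):
    """Names of hosts other than the bastion that can open TCP/22 under these rules."""
    return sorted(
        h.name for h in hosts
        if h.private_ip != bastion_ip and permitting_rule(rules, h, "tcp", 22) is not None
    )


def harden(rules, bastion_ip):
    """Keep only port-22 rules sourced from the bastion's own /32; leave other ports alone."""
    kept = []
    for r in rules:
        covers_ssh = r.protocol in ("-1", "tcp") and (r.protocol == "-1" or r.from_port <= 22 <= r.to_port)
        if covers_ssh and r.source != f"{bastion_ip}/32":
            continue
        kept.append(r)
    return kept


if __name__ == "__main__":
    for h in HOSTS:
        r = permitting_rule(INSTANCE_RULES, h, "tcp", 22)
        print(f"{h.name:8} {h.private_ip:12} ssh via: {r.source if r else 'denied'}")
    print("unexpected SSH sources:", unexpected_ssh_sources(INSTANCE_RULES, HOSTS, BASTION_IP))
    print("after hardening:", unexpected_ssh_sources(harden(INSTANCE_RULES, BASTION_IP), HOSTS, BASTION_IP))
```

The model deliberately checks group-sourced rules against the sender's group set and never against its IP, which is the behaviour the exam answer turns on; it does not model statefulness, because inbound admission does not depend on it.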