What should a solutions architect recommend to the team?

By:
In: SAA-C02
Tagged:
With: 2 Comments
A company is seeing access requests by some suspicious IP addresses.The security team discovers the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

Add a rule in the inbound table of the security to deny the traffic from that CIDR range.

Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.

Add a deny rule in the inbound table of the network ACL with a lower number than other rules.

Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.

Explanations:

Security groups operate at the instance level, and adding a deny rule to the inbound security group would only affect traffic directly associated with that instance, not network-wide access.

Outbound rules in security groups control traffic leaving instances, not incoming traffic. Denying outbound traffic would not block incoming suspicious access requests.

Network ACLs control both inbound and outbound traffic at the subnet level. Adding a deny rule with a lower rule number in the inbound ACL would block traffic from the suspicious CIDR range before other rules are evaluated.

Outbound rules in network ACLs control outgoing traffic, but the goal is to block incoming suspicious traffic, not outgoing. Therefore, this option does not address the issue.

2026-03-20

2 Comments

  1. Lawrence
    Author

    I strategize that the answer is:
    Add a deny rule in the inbound table of the network ACL with a lower number than other rules.

  2. Charlotte
    Author

    From my perspective, the answer is:
    Add a deny rule in the inbound table of the network ACL with a lower number than other rules.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × 3 =