Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

By:
In: SOA-C01
Tagged:
With: 1 Comment
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block.Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.

Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Explanations:

An AD policy targeting Windows Firewall would require setup time, only affects Windows-based instances, and doesn’t cover non-Windows resources in the VPC.

Network ACLs are stateless, can be quickly modified to deny specific IP blocks, and apply at the subnet level, covering all resources in the VPC.

Security Groups are stateful and do not support explicit deny rules, so they cannot block specific IP addresses effectively in this context.

Modifying AMI Windows Firewall settings would require updating individual instances, is time-consuming, and may not apply to existing instances.

2025-10-02

1 Comment

  1. Jack
    Author

    I conclude that the answer is:
    Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty − 5 =