A company hosts multiple SAP applications on Amazon EC2 instances in a VPC. While monitoring the environment, the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours. Which solution will meet this requirement?

Topic #: - All AWS Certified SAP on AWS - Specialty PAS-C01 Questions

A. Modify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block. Most Voted
B. Add a rule in the security group of the EC2 instances to deny access from the IP address block.
C. Create a policy in AWS Identity and Access Management (IAM) to deny access from the IP address block.
D. Configure the firewall in the operating system of the EC2 instances to deny access from the IP address block.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion