Virtual Private Cloud Quiz
A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet created with default ACL settings. The IT Security department has identified a DoS attack from a suspecting IP. How can you protect the subnets from this attack?
A. Change the Inbound Security Groups to deny access from the suspecting IP.
B. Change the Outbound Security Groups to deny access from the suspecting IP.
C. Change the Inbound NACL to deny access from the suspecting IP.
D. Change the Outbound NACL to deny access from the suspecting IP.
C. Change the Inbound NACL to deny access from the suspecting IP.
Option A and B are invalid because the Security Groups already block traffic by default. You can use NACL’s as an additional security layer for the subnet to deny traffic.
Option D is invalid since just changing the Inbound Rules is sufficient.
AWS Documentation mentions the following:
A Network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.
For more information on Network Access Control Lists, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
