AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company operates a public-facing website on an Amazon EC2 instance that requires HTTPS access. The instance is managed via SSH, and it resides within a specific subnet for the website (10.0.1.0/24) and another subnet for management purposes (192.168.100.0/24). As a security engineer tasked with configuring the security group for this EC2 instance, which two actions would you take to ensure the most secure setup? (Select two options.)
Explanation:
To ensure secure access to the EC2 instance, port 443 (HTTPS) must be open to all traffic (0.0.0.0/0) to allow public access to the website. This is covered by option B. For management access using SSH, it is more secure to restrict it to the management subnet (192.168.100.0/24) rather than allowing access from everywhere. This is covered by option C. Therefore, the correct answers are B and C.