AWS Certified Advanced Networking - Specialty

A company operates a workload in a single VPC on AWS and uses interface VPC endpoints for services such as Amazon CloudWatch Logs and AWS Key Management Service (AWS KMS). These endpoints share a security group that is not used by any other workloads or resources. During a security review, the company identified that the shared security group is overly permissive. The company wants to tighten its rules so that only the access required for the interface VPC endpoints remains, without disrupting access to the AWS services through those endpoints.

The current security group rules are as follows:

  • Inbound - Rule 1
    Protocol: TCP
    Port: 443
    Source: 0.0.0.0/0

  • Inbound - Rule 2
    Protocol: TCP
    Port: 443
    Source: VPC CIDR

  • Outbound - Rule 1
    Protocol: All
    Port: All
    Destination: 0.0.0.0/0

Which rule or rules should the company remove to meet these requirements?