Amazon Exam PAS-C01 Topic 1 Question 52 Discussion

Actual exam question for Amazon's PAS-C01 exam

Question #: 52
Topic #: 1

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.

Which solution win meet this requirement?

AModify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block

BAdd a rule in the security group of the EC2 instances to deny access from the IP address block

CCreate a policy in AWS identity and Access Management (1AM) to deny access from the IP address block

DConfigure the firewall m the operating system of the EC2 instances to deny access from the IP address block

Show Suggested Answer

Suggested Answer: C, D, F

https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/security.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/sap-monitoring.html

by Donte at Jan 22, 2025, 03:38 PM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Louvenia

12 days ago

Option A seems like the way to go. Modifying the network ACLs for the public subnets is the most effective way to deny access from the offending IP address block across the entire VPC.

upvoted 0 times

...