Questions

Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from
a specific IP address block. Your security team has requested that all access from the offending IP address
block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address
block?

A.
Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP
address block

B.
Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address
block

C.
Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

D.
Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in
that VPC to deny access from the IP address block

Explanation:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Discussion

19 Responses to “Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?”

  1. VIVEK AGARWAL says:

    B

  2. Seth says:

    Agree with VIvek

  3. Sean Leans says:

    Hi! I just took the AWS-SysOps exam few days ago and luckily passed with 90% marks (the passing score is 65% now). I had 55 single choice and multiple choice questions in total, most of them were single answer questions. And, questions on Monitoring and Metrics,

    Deployment and Provisioning were not easy to answer, other questions on High Availability and Data Management and Analysis were very easy to get the correct answers.

    I learned valid AWS-SysOps dumps here — https://drive.google.com/open?id=0B-ob6L_QjGLpUWdPWXRHaERYWlU (recommend you to get the full version 310q AWS-SysOps dumps), all actual AWS-SysOps exam questions were from that 310q AWS-SysOps dumps.

    Good Luck, my cool guy!

    • Seth says:

      Thanks Sean!

    • Seth says:

      Actually I take my thanks back. Your comment seems like an advertisement.

    • Mark says:

      I think that download is the biggest load of crap I have ever seen.

      There are MULTIPLE WRONG answers in there.

      BUYER BEWARE !!!!

    • Kelvin Wong says:

      My advice is to take an online course like acloudguru (this is for knowledge) AND running through the questions (this is just to pass but you may still know nothing) in this site is enough to ensure a good passing mark

      • BDA says:

        Advice taken, I’ve been using acloudguru both from Udemy and https://acloud.guru, and running through these questions. I also took a practice exam, and it has the same questions on the real Developer Associate exam, which I hope to pass this time.

    • HelloWorld says:

      Scam. The passleader test seems to be an exact copy of aiotestking data. Nice try buddy

  4. Gig says:

    Answer is B. ACL can have deny statements.

    Security groups only have allow statements, no deny so C is wrong.

  5. TFT says:

    Hi,

    Are the Q&A are still valid to Pass sysops-Admin

  6. nyara says:

    questions are revised but few older questions are still there especially from SA

  7. ram says:

    Yeah I experienced the same, they revised the questions. Couldnt clear on the first attempt.

  8. christopher says:

    You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling. In which area below would you change the instance type definition?

    A. Auto Scaling launch configuration
    B. Auto Scaling group
    C. Auto Scaling policy
    D. Auto Scaling tags

    Answer: A
    http://www.dumps4download.com/aws-sysops-dumps.html

  9. Leonardo gialluisi says:

    Yeah,revised.But deep look into Cloudwatch,ASG,ELB,VPC may help.
    And questions here are good read.

  10. TFT says:

    Where I can find a valid Sysops Questions dump ?

  11. Anuj says:

    what is your Email ?

Leave a Reply