Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

C. Add a rule to all of the VPC's Security Groups to deny access from the IP address block

D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Explanation:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

57 Comments on “Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?”

  1. Sean Leans says:

    Hi! I just took the AWS-SysOps exam a few days ago and luckily passed with 90% marks (the passing score is 65% now). I had 55 single choice and multiple choice questions in total, most of them were single answer questions. And, questions on Monitoring and Metrics, Deployment and Provisioning were not easy to answer, other questions on High Availability and Data Management and Analysis were very easy to get the correct answers.

    I learned valid AWS-SysOps dumps here — https://drive.google.com/open?id=0B-ob6L_QjGLpUWdPWXRHaERYWlU (recommend you to get the full version 310q AWS-SysOps dumps), all actual AWS-SysOps exam questions were from that 310q AWS-SysOps dumps.

    Good Luck, my cool guy!

    1. Mark says:

      I think that download is the biggest load of crap I have ever seen.

      There are MULTIPLE WRONG answers in there.

      BUYER BEWARE !!!!

    2. Kelvin Wong says:

      My advice is to take an online course like acloudguru (this is for knowledge) AND running through the questions (this is just to pass but you may still know nothing) in this site is enough to ensure a good passing mark

      1. BDA says:

        Advice taken, I’ve been using acloudguru both from Udemy and https://acloud.guru, and running through these questions. I also took a practice exam, and it has the same questions on the real Developer Associate exam, which I hope to pass this time.

  8. Robert Bowen says:

    [Update]

    New AWS Certified SysOps Administrator – Associate Exam Questions and Answers Updated Recently (18/Feb/2016):

    NEW QUESTION 315
    Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose two.)

    A. AWS Elastic Beanstalk
    B. Amazon Elastic Map Reduce
    C. Elastic Load Balancing
    D. Amazon Relational Database Service
    E. Amazon ElastiCache

    Answer: AB

    NEW QUESTION 316
    When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?

    A. Data is automatically deleted
    B. Data is automatically saved as an EBS snapshot
    C. Data is unavailable until the instance is restarted
    D. Data is automatically saved as an EBS volume

    Answer: A

    NEW QUESTION 317
    How can you secure data at rest on an EBS volume?

    A. Encrypt the volume using the S3 server-side encryption service.
    B. Attach the volume to an instance using EC2’s SSL interface.
    C. Create an IAM policy that restricts read and write access to the volume.
    D. Write the data randomly instead of sequentially.
    E. Use an encrypted file system on top of the EBS volume.

    Answer: C

    NEW QUESTION 318
    In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?

    A. AWS Direct Connect
    B. Placement Groups
    C. VPC private subnets
    D. EC2 Dedicated Instances
    E. Multiple Availability Zones

    Answer: B
    Explanation:
    A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.

    NEW QUESTION 319
    Amazon EBS snapshots have which of the following two characteristics? (Choose two.)

    A. EBS snapshots only save incremental changes from snapshot to snapshot
    B. EBS snapshots can be created in real-time without stopping an EC2 instance
    C. EBS snapshots can only be restored to an EBS volume of the same size or smaller
    D. EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS volume

    Answer: AB

    NEW QUESTION 320
    You have a proprietary data store on-premises that must be backed up daily by dumping the data store contents to a single compressed 50GB file and sending the file to AWS. Your SLAs state that any dump file backed up within the past 7 days can be retrieved within 2 hours. Your compliance department has stated that all data must be held indefinitely. The time required to restore the data store from a backup is approximately 1 hour. Your on-premise network connection is capable of sustaining 1gbps to AWS. Which backup methods to AWS would be most cost-effective while still meeting all of your requirements?

    A. Send the daily backup files to Glacier immediately after being generated
    B. Transfer the daily backup files to an EBS volume in AWS and take daily snapshots of the volume
    C. Transfer the daily backup files to S3 and use appropriate bucket lifecycle policies to send to Glacier
    D. Host the backup files on a Storage Gateway with Gateway-Cached Volumes and take daily snapshots

    Answer: C
    Explanation:
    Because in the stored volume mode, you are storing data locally, the binary-compressed format is already available, and the bandwidth of your AWS connection meets the 7days/2hour SLA.

    NEW QUESTION 321
    ……

    NEW QUESTION 324
    You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses. Which two options meet this security requirement? (Choose two.)

    A. Configure web server VPC security groups to allow traffic from your customers’ IPs
    B. Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header
    C. Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic
    D. Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic

    Answer: AB

    NEW QUESTION 325
    How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

    A. Query the local instance metadata.
    B. Query the appropriate Amazon CloudWatch metric.
    C. Query the local instance userdata.
    D. Use ipconfig or ifconfig command.

    Answer: A

    NEW QUESTION 326
    The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization. What must you do to comply with this requirement for a web based profile management application running on EC2?

    A. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
    B. Run EC2 instances in multiple Regions and leverage Route 53’s Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
    C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirected to the appropriate region to create their profile
    D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirected to the appropriate zone to create their profile

    Answer: C

    NEW QUESTION 327
    ……

    NEW QUESTION 328
    In AWS, which security aspects are the customer’s responsibility? (Choose four.)

    A. Controlling physical access to compute resources
    B. Patch management on the EC2 instance’s operating system
    C. Encryption of EBS (Elastic Block Storage) volumes
    D. Life-cycle management of IAM credentials
    E. Decommissioning storage devices
    F. Security Group and ACL (Access Control List) settings

    Answer: BCDF

    NEW QUESTION 329
    ……

    NEW QUESTION 330
    What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?

    A. The IP of the primary DB Instance is switched to the standby DB Instance.
    B. A new DB instance is created in the standby availability zone.
    C. The canonical name record (CNAME) is changed from primary to standby.
    D. The RDS (Relational Database Service) DB instance reboots.

    Answer: C

    NEW QUESTION 331
    ……

    P.S. These New AWS Certified SysOps Administrator – Associate Exam Questions Were Just Updated From The Real AWS Certified SysOps Administrator – Associate Exam, You Can Get The Newest AWS Certified SysOps Administrator – Associate Dumps In PDF And VCE From — http://www.passleader.com/aws-sysops.html (332q VCE and PDF)

    Good Luck!
