A company deployed an Amazon EC2 instance to a VPC on AWS. A recent alert indicates that the EC2 instance is receiving a suspicious number of requests over an open TCP port from an external source. The TCP port remains open for long periods of time. The company's security team needs to stop all activity to this port from the external source to ensure that the EC2 instance is not being compromised. The application must remain available to other users. Which solution will meet these requirements?
A) Update the network ACL that is attached to the subnet that is associated with the EC2 instance. Add a Deny statement for the port and the source IP addresses.
B) Update the elastic network interface security group that is attached to the EC2 instance to remove the port from the inbound rule list.
C) Update the elastic network interface security group that is attached to the EC2 instance by adding a Deny entry in the inbound list for the port and the source IP addresses.
D) Create a new network ACL for the subnet. Deny all traffic from the EC2 instance to prevent data from being removed.
Correct Answer:
Verified
Q282: A security engineer must develop an encryption
Q283: A company has a serverless application for
Q284: A company's on-premises networks are connected to
Q285: A company stores images for a website
Q286: A development team is using an AWS
Q288: A company is using AWS Organizations to
Q289: Example.com is hosted on Amazon EC2 instance
Q290: Unapproved changes were previously made to a
Q291: A company has implemented AWS WAF and
Q292: Amazon GuardDuty has detected communications to a
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents