Security Groups Flashcards

1
Q

How do security groups behave by default?

A
  • Do not allow any inbound traffic
  • Allow all types of outbound traffic
2
Q

Security Groups

A

  • Operate at the instance layer
  • Firewalls for the instance
  • Control inbound and outbound traffic
  • If an AWS service involves instances, it also supports security groups

3
Q

What is a security group composed of?

A
  • Traffic type (ssh, rdp)
  • Internet protocol (tcp or udp)
  • Port range
  • Origin of traffic for inbound rules
  • Destination of traffic for outbound rules
4
Q

How are origins and destinations defined?

A

IP address, IP address range, or security group ID

5
Q

How do security group rules work?

A
  • You can only create rules that allow traffic to pass in
  • Traffic parameters that do not match any security group rules are automatically denied
6
Q

Are security group rules stateless?

A

No. Stateful.
  • If you send a request from your instance, response traffic for that request is allowed to flow in regardless of inbound rules
  • Responses to allowed inbound traffic are allowed to flow out regardless of outbound rules

7
Q

What IP address should you use for rules between VPC instances?

A

Private IP, not public IP or elastic IP

8
Q

What are security groups associated with?

A

Network interfaces, not the instances themselves

9
Q

What are security groups bound to?

A
  • Network interfaces and security groups are bound to the VPC they are launched in so they cannot be used for other VPCs
  • Security groups belonging to a different VPC can be referenced as the origin or destination of a rule for a peered VPC
10
Q

At what level do ACLs operate?

A

Subnet layer

11
Q

What do ACL rules consist of?

A

Rule number, traffic type, protocol, port range, source for inbound, destination for outbound, and allow or deny setting

12
Q

What’s the significance of rule numbering?

A

Rules are evaluated starting with the lowest rule number. As soon as a rule matches, it is applied regardless of any higher-numbered rules that might contradict it

13
Q

NACL

A

Network Access Control Lists

14
Q

What happens if no rule matches?

A

Traffic is denied

15
Q

Are NACLs stateless?

A

Yes, they are stateless. Sources and destinations need to be allowed on both inbound and outbound

16
Q

What’s the default behavior of a NACL?

A

Every VPC comes with a default NACL which allows all inbound and outbound traffic

17
Q

What’s the default behavior of a custom NACL?

A

Denies all inbound and outbound traffic until you add rules

18
Q

Can a subnet be associated with multiple ACLs?

A

No, but an ACL can be associated with multiple subnets