AWS-SysOps Question 21:
Your entire AWS infrastructure lives inside of one Amazon VPC Y ou have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the re- gion, and another application instance running in AZ B. The monitoring applicatio n needs to make use of ICMP ping to confirm network reachability of the instance hosting the applic ation. Can you configure the security groups for these instances to only allow the ICMP ping to pass from th e monitoringinstance to the application instance and nothing else'' If so how?
A. No Two instances in two different AZ's can't talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundaries
B. Yes Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP
C. Yes, The security group for the monitoring instance needs to allow outbound ICMP and the application instance's security group needs to allow Inbound ICMP
D. Yes, Both the monitoring instance's security group and the ap plication instance's security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connec- tion-oriented protocol
Correct Answer: D
Therefore, a four-engine jumbo jet can create 640 terabytes of information on a single trans-Atlantic flight. On daily basis, there are roughly 25,000 flights.This is great blog. If you want to know more about this visit here AWS Cloud Certified.
ReplyDelete