AWS Certified SysOps Administrator SOA-C01 – Question488

A user has configured two security groups that allow traffic as follows:
1: SecGrp1: Inbound on port 80 for 0.0.0.0/0; inbound on port 22 for 0.0.0.0/0
2: SecGrp2: Inbound on port 22 for 10.10.10.1/32
If both security groups are associated with the same instance, which of the following statements is true?

A. It is not possible to have more than one security group assigned to a single instance
B. It allows inbound traffic for everyone on both ports 22 and 80
C. It is not possible to create the security group with conflicting rules. AWS will reject the request
D. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80

Correct Answer: B

Explanation:

A user can attach more than one security group to a single EC2 instance. In this case, the rules from each security group are effectively aggregated to create one set of rules. AWS uses this set of rules to determine whether to allow access or not. Thus, the SecGrp2 rule for port 22 from 10.10.10.1/32 merges with the SecGrp1 rules for 0.0.0.0/0, and the instance accepts inbound traffic on ports 22 and 80 from everyone.

Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-se…