Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE7_PBC-7.2 Topic 3 Question 36 Discussion

Actual exam question for Fortinet's NSE7_PBC-7.2 exam
Question #: 36
Topic #: 3
[All NSE7_PBC-7.2 Questions]

What are two main features in Amazon Web Services (AWS) network access control lists (ACLs)? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

B . The default network ACL is configured to allow all traffic.This means that when you create a VPC, AWS automatically creates a default network ACL for that VPC, and associates it with all the subnets in the VPC1.By default, the default network ACL allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic1.You can modify the default network ACL, but you cannot delete it1. C. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.This means that network ACLs do not keep track of the traffic that they allow or deny, and they evaluate each packet separately1.Therefore, you need to create both inbound and outbound rules for each type of traffic that you want to allow or deny1.For example, if you want to allow SSH traffic from a specific IP address to your subnet, you need to create an inbound rule to allow TCP port 22 from that IP address, and an outbound rule to allow TCP port 1024-65535 (the ephemeral ports) to that IP address2.

The other options are incorrect because:

You can use network ACL and security group at the same time.Network ACL and security group are two different types of security layers for your VPC that can work together to control traffic3.Network ACL acts as a firewall for your subnets, while security group acts as a firewall for your instances3. You can use both of them to create a more granular and effective security policy for your VPC.

Network ACLs are not tied to an instance.Network ACLs are associated with subnets, not instances1.This means that network ACLs apply to all the instances in the subnets that they are associated with1. You cannot associate a network ACL with a specific instance.However, you can associate a security group with a specific instance or multiple instances3.


Contribute your Thoughts:

Tu
1 days ago
C and B seem like the right answers to me. Network ACLs are definitely stateless, and the default one allows all traffic. Gotta love that AWS simplicity!
upvoted 0 times
...

Save Cancel