AWS Certified Advanced Networking Specialty Practice Exam

What might prevent instance B from being pinged by other instances in the VPC when using a new security group?

  1. The default rules allow traffic only from the same security group

  2. Instance B is misconfigured

  3. There is a network ACL blocking ICMP traffic

  4. Routing tables are not set correctly

The correct answer is: The default rules allow traffic only from the same security group

The correct answer follows from how security groups work inside an Amazon VPC. In AWS, security groups are stateful firewalls that control inbound and outbound traffic to instances. When a new security group is created, it allows all outbound traffic by default but allows no inbound traffic until rules are added. If the security group's inbound rules do not permit ICMP traffic (the protocol ping uses), instance B will not be reachable via ping from the other instances in the VPC.

In practice, the default security group rules mean that instances in different security groups cannot communicate unless that traffic is explicitly allowed. Instances that rely solely on the default configuration of the new security group will therefore appear unreachable to one another. A misconfigured instance B, restrictive network ACL settings, or incorrect route tables can all cause communication failures as well, but in this scenario the decisive factor is the security group's default behavior of allowing communication only under the conditions its rules specify. Understanding how default security group rules behave is key to troubleshooting this type of connectivity problem in a VPC.