AWS Certified SysOps Administrator Practice Exam


Prepare for the AWS Certified SysOps Administrator Exam. Utilize flashcards, multiple-choice questions, tips, and in-depth explanations. Get exam-ready!



How can Network Access Control Lists (ACL) and Security Groups (SG) be configured to allow access between VPCs?

  1. By allowing inbound traffic in the Security Group of VPC2 only.

  2. By default, Network ACLs allow no inbound traffic.

  3. By configuring the Security Group of instances in VPC1 to allow inbound traffic from VPC2.

  4. By configuring the Security Group of instances in VPC2 to allow all traffic.

The correct answer is: By configuring the Security Group of instances in VPC1 to allow inbound traffic from VPC2.

The correct choice highlights the necessity of configuring the Security Group of instances in VPC1 to allow inbound traffic from VPC2. This is essential for enabling communication between resources located in different Virtual Private Clouds (VPCs). When setting up communication between VPCs, especially those that are peered, each VPC’s security groups must explicitly allow the inbound traffic from the other VPC.

Security Groups are stateful, meaning that if an inbound rule allows traffic from VPC2 to VPC1, the response traffic will automatically be allowed back without needing an outbound rule. Thus, by setting up the appropriate rules in the Security Group of instances in VPC1, you establish a pathway for the necessary traffic to flow.

It’s also important for configurations in VPC2 to permit outbound traffic back to VPC1; however, the context of this question specifically emphasizes the role of VPC1’s Security Group rules in facilitating this inter-VPC communication. Security groups act like virtual firewalls, and any connection attempt that does not conform to the rules defined within these groups will be denied.

In summary, configuring the Security Group in VPC1 to allow inbound traffic from VPC2 ensures that the necessary permissions are in place to