AWS Solutions Architect Associate Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Study for the AWS Solutions Architect Associate Test. Our comprehensive quiz offers multiple-choice questions that replicate the exam environment. Benefit from detailed explanations and hints. Prepare confidently for your AWS certification exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


Which of the following statements is accurate regarding security groups for web-facing subnets in AWS?

  1. Amazon recommends leaving all security groups open on port 22 to 0.0.0.0/0 CIDR

  2. It is recommended to keep port 22 closed for security purposes

  3. All security groups must be restricted to known IP addresses

  4. Security groups do not allow SSH access by default

The correct answer is: It is recommended to keep port 22 closed for security purposes

The recommendation to keep port 22 closed for security purposes is based on best practices in securing web-facing resources on AWS. Port 22 is primarily used for SSH (Secure Shell) access, which is essential for managing servers securely. However, leaving this port open to all IP addresses (0.0.0.0/0) can expose your instance to potential attacks and unauthorized access attempts. By keeping port 22 closed, or at least restricted to known IP addresses, you significantly reduce the attack surface of your resources. It is essential to configure security groups carefully to allow SSH access only from trusted IP addresses. This practice helps ensure that only authorized users can access your instances while minimizing risk. Moreover, while security groups are flexible, the principle of least privilege should always guide your configurations. For security-critical services like SSH, limiting access to specific IP addresses enhances security and compliance within your cloud infrastructure.