I finished up my course and am doing practice tests for CLF-C01 exam and needed further clarification on this. To the point and explained it well. Liked and subscribed. I appreciate it!
This is so great to hear - thank you so much!
Thanks!
Thank you so much!
Short and to the point, and presentation with smile, great
Thank you so much Gita!
Great video, straight to the point. ENI to SG and Subnet to ACL. From individual instances to the overall VPC network.
Thank you so much!
Fuckin a this guy is bringing life back into me after reading official documentation
Must-watch video for anyone who doesn't understand security groups and network ACLs
Thank you so much!
Thanks Anthony, great video. Quick and concise explanation delivered in an engaging way.
Thank you so much for watching and for commenting!
Excellent. Precise and clear explanation.
Thank you so much!!!!
Extremely helpful, thanks so much.
I'm so glad you found it helpful! Your support means a lot to me!
I'm studying for the CLF-C01 exam, and in the materials, they state that the Security Group should be used at the instance level and NACL at the subnet level.
Doing a practice exam, I've got this question: "How can a user block a suspicious IP address from connecting to an Amazon EC2 instance?"
The appointed correct answer was: "Block the IP on the inbound rule of a network ACL"
If the question mentions the EC2 instance, why then should an NACL be used instead of a Security Group? Thanks!
Hello my friend! Thank you for watching and thank you for the excellent question. You should imagine the Security Group attached to the virtual network interface of an EC2 machine. You should imagine the NACL attached to the subnet. Now - if you want to block an IP address from reaching an EC2 resource - you actually do have two options - you can do it at the virtual network card level (security group) or you could do it at the NACL level (the subnet). Notice something interesting about the subnet NACL approach - it only works to block traffic that is OUTSIDE of the subnet. If the "bad IP address" is already in the subnet - it would not be blocked by the NACL.
@AnthonySequeira15626 Hi, and thank you for your answer! Continuing with my study, I came up with a different approach and understanding of the question. Since security groups only have "allow" rules and the question asks for "how to block access", it would be necessary to use NACL. Is this correct? Thank you again!
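Added illustration, not part of the comment thread or the video: a simplified Python model of the inbound path discussed in the exchange above, with a numbered allow/deny NACL at the subnet boundary and an allow-only security group at the instance's network interface. It assumes rules match on source address only (ports and protocols are left out), and every address and rule number is a constructed sample.

```python
import ipaddress

def nacl_allows(rules, src):
    """Network ACL: rules are (number, cidr, action); the lowest number is
    checked first, the first match decides, and an implicit deny ends the list."""
    ip = ipaddress.ip_address(src)
    for _number, cidr, action in sorted(rules):
        if ip in ipaddress.ip_network(cidr):
            return action == "allow"
    return False  # implicit final deny

def sg_allows(allowed_cidrs, src):
    """Security group: allow rules only, so there is no way to express
    'deny this one address'; anything unmatched is dropped."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(c) for c in allowed_cidrs)

def reaches_instance(src, subnet, nacl_rules, sg_cidrs):
    """Inbound path: the subnet's NACL is consulted only when the packet
    crosses the subnet boundary; the security group is always consulted."""
    inside = ipaddress.ip_address(src) in ipaddress.ip_network(subnet)
    if not inside and not nacl_allows(nacl_rules, src):
        return False
    return sg_allows(sg_cidrs, src)

# Constructed sample values (documentation address ranges)
SUBNET = "10.0.1.0/24"
SG_OPEN = ["0.0.0.0/0"]                      # allow from anywhere
NACL_DEFAULT = [(100, "0.0.0.0/0", "allow")]
NACL_BLOCK = [(90, "203.0.113.5/32", "deny"), (100, "0.0.0.0/0", "allow")]
NACL_LATE = [(100, "0.0.0.0/0", "allow"), (110, "203.0.113.5/32", "deny")]
NACL_INNER = [(90, "10.0.1.50/32", "deny"), (100, "0.0.0.0/0", "allow")]

def demo():
    bad, other, neighbour = "203.0.113.5", "198.51.100.7", "10.0.1.50"
    return {
        "default NACL": reaches_instance(bad, SUBNET, NACL_DEFAULT, SG_OPEN),
        "deny numbered before allow": reaches_instance(bad, SUBNET, NACL_BLOCK, SG_OPEN),
        "other client": reaches_instance(other, SUBNET, NACL_BLOCK, SG_OPEN),
        "deny numbered after allow": reaches_instance(bad, SUBNET, NACL_LATE, SG_OPEN),
        "same-subnet source": reaches_instance(neighbour, SUBNET, NACL_INNER, SG_OPEN),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'reaches instance' if allowed else 'blocked'}")
```

The deny entry only takes effect when its rule number is lower than the broad allow, and a source inside the same subnet never meets the NACL at all.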
Short and to the point... Thanks.
You bet!
Thanks for this brief explanation in 2022.
Thank you so much for watching and for commenting!
How it is virtual FW and allow traffic? I know you are correct that it is allow traffic, but how we can on it FW if it is allowing traffic? So what is the idea of it?
I am struggling to understand your question - I am sorry. Both AWS Security Groups and NACLs can permit or deny traffic based on your settings.
Thanks so much, I am clear now on the difference between them. 👍
Thank you so much for watching and commenting! And so sorry I missed the comment for so long!
Thanks, dear Anthony, you made it very clear.
You're very welcome
👏👏👏 thank you so much it's so simple now!
Glad it helped!
awesome!!
Thank you so much!
Thank you for this!
Sir, you look very similar to David Bombal,
are you like... cousins?
No - just old friends.
excellent - Thanks new subscriber
Thank you so much my friend!
Rubbish - could have given examples to better understand
Thanks for the feedback - I will strive to improve
Great video but your eyes are telling me to run away as fast as I can!
At least I am not banned from school zones yet. Shrug.
U got a sick mind, but you can still understand ACLs and SGs thanks to this man. I'd trust him more than you.