🔥 3-day streak
CompTIA Cloud+ (CV0-004)129 / 150
Question 129 of 150
A cloud security engineer must block a specific malicious external IP address from reaching any resource within a VPC subnet that hosts multiple EC2 instances. Because security groups only support allow rules and cannot explicitly deny traffic from a single IP, the engineer needs a stateless filtering mechanism applied at the subnet boundary. Which control should be configured to accomplish this?
Reviewed for accuracy · Report an issueNext question