Question

An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test and one for Production. The Security team has some concerns about the VPC configuration. It requires to restrict the communication across the EC2 instances using Security Groups. Which of the following options is true for Security Groups?

A. You can change a Security Group associated to an instance if the instance state is stopped or running.

B. You can change a Security Group associated to an instance if the instance state is stopped but not if the instance state is running.

C. You can change a Security Group only if there are no instances associated to it.

D. The only Security Group you can change is the Default Security Group.

E. None of the above

Answer 1

Answer: A.

Option A is CORRECT because the AWS documentation mentions it in the section called“Changing an Instance's Security Group” using the following sentence: “After you launch an instance into a VPC, you can change the security groups that are associated with the instance.

You can change the security groups for an instance when the instance is in the running or stopped state.”

Option B, C, D and E are INCORRECT as a consequence of A.Diagram: none.