For this exercise you'll need:
EC2 instance with web application
Security group inbound rules that allow HTTP traffic
1)List the security groups you have in your account, in the region you are using
2)Remove the HTTP inbound traffic rule
3)Can you still access the application? What do you see/get?
4)Add back the rule
5)Can you access the application now?