
Answer-first summary for fast verification
Answer: Add a rule to the Network ACLs to allow outbound traffic on ports 1024 - 65535
A Network Access Control List (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. When you create a custom Network ACL and associate it with a subnet, by default, this custom Network ACL denies all inbound and outbound traffic until you add rules.

A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic. Network ACLs are stateless, which means that responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).

The client that initiates the request chooses the ephemeral port range. The range varies depending on the client's operating system. Requests originating from Elastic Load Balancing use ports 1024-65535.

List of ephemeral port ranges:
- Many Linux kernels (including the Amazon Linux kernel) use ports 32768-61000.
- Requests originating from Elastic Load Balancing use ports 1024-65535.
- Windows operating systems through Windows Server 2003 use ports 1025-5000.
- Windows Server 2008 and later versions use ports 49152-65535.
- A NAT gateway uses ports 1024-65535.
- AWS Lambda functions use ports 1024-65535.

Incorrect options:

Add a rule to the Network ACLs to allow outbound traffic on ports 1025 - 5000 - As discussed above, Windows operating systems through Windows Server 2003 use ports 1025-5000. ELB uses the port range 1024-65535.

Add a rule to the Network ACLs to allow outbound traffic on ports 32768 - 61000 - As discussed above, Linux kernels (including the Amazon Linux kernel) use ports 32768-61000. ELB uses the port range 1024-65535.

Add a rule to the Security Group allowing outbound traffic on port 80 - A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not the subnet level. Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
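
The stateless evaluation described above, as an added example that is not part of the original page: a simplified Python model of network ACL rule evaluation (ascending rule number, first match wins, implicit deny) applied to the quiz scenario and its outbound answer options. The names Rule, nacl_allows, http_round_trip and reachable_ports and the sample client ports are constructed for illustration, and the model matches on destination port only, ignoring protocol and CIDR.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int   # lower rule numbers are evaluated first
    lo: int       # first destination port covered
    hi: int       # last destination port covered
    allow: bool   # True = allow, False = deny


def nacl_allows(rules, dst_port):
    """First matching rule in ascending number order wins; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.lo <= dst_port <= rule.hi:
            return rule.allow
    return False


def http_round_trip(inbound, outbound, client_port):
    """Stateless check: the request and its response are evaluated independently."""
    request_ok = nacl_allows(inbound, 80)             # client:ephemeral -> server:80
    response_ok = nacl_allows(outbound, client_port)  # server:80 -> client:ephemeral
    return request_ok and response_ok


# Inbound rule from the scenario: HTTP on port 80 is allowed in.
INBOUND_HTTP = [Rule(100, 80, 80, True)]

# Outbound rule sets: the scenario as deployed, then the ranges from the options.
OUTBOUND = {
    "no outbound rule (scenario)": [],
    "1025-5000": [Rule(100, 1025, 5000, True)],
    "32768-61000": [Rule(100, 32768, 61000, True)],
    "1024-65535": [Rule(100, 1024, 65535, True)],
}

# Constructed sample client source ports drawn from the ranges listed above.
SAMPLE_CLIENT_PORTS = [1024, 4000, 40000, 49152, 65535]


def reachable_ports(outbound):
    """Client ports that receive a response under the given outbound rules."""
    return [p for p in SAMPLE_CLIENT_PORTS
            if http_round_trip(INBOUND_HTTP, outbound, p)]


if __name__ == "__main__":
    for name, rules in OUTBOUND.items():
        print(f"{name:28} -> responses reach client ports {reachable_ports(rules)}")
```

Only the 1024-65535 rule delivers responses to every sample client; the narrower ranges each leave some client ports without a reply.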
Author: LeetQuiz Editorial Team
You have set up a Network Access Control List (ACL) and a Security Group for both your load balancer and Amazon EC2 instances to permit inbound traffic on port 80, which is typically used for HTTP traffic. Despite this configuration, users are still unable to access your website following its deployment.
What further configuration needs to be implemented to ensure that the website is accessible to all users over the internet?
A. Add a rule to the Security Group allowing outbound traffic on port 80
B. Add a rule to the Network ACLs to allow outbound traffic on ports 32768
C. Add a rule to the Network ACLs to allow outbound traffic on ports 1024 - 65535
D. Add a rule to the Network ACLs to allow outbound traffic on ports 1025 - 5000