
AWS Certified Solutions Architect - Associate
An EC2 instance with a web server in a public subnet has an Elastic IP and the default security group. The default network ACL is set to block all traffic. What steps are required to make the web server accessible on port 443 globally?
Explanation:
To make the web server accessible globally on port 443, you need to update both the security group and the network ACL. Option A (Add a security group rule for TCP port 443 from any source) is correct because security groups act as virtual firewalls for instances, controlling inbound and outbound traffic. Security groups are stateful, so the response to an allowed inbound connection is permitted automatically. Option E (Update the network ACL for inbound TCP port 443 and outbound ephemeral ports) is also correct because network ACLs control traffic at the subnet level. Network ACLs are stateless, so the return traffic needs its own outbound rule. For an inbound connection such as HTTPS on port 443, the response traffic flows through ephemeral ports in the range 32768-65535.