
Answer-first summary for fast verification
Answer: Adjust the network ACL linked to the new CIDR range to permit outbound traffic on ephemeral ports.
In this scenario, vendors cannot reach the application even though the security groups and network ACLs allow the required inbound traffic, which points to a problem with outbound traffic rules. Security groups are stateful, so return traffic for an allowed inbound connection is permitted automatically. Network ACLs are stateless, so response traffic must be allowed by an explicit outbound rule. Responses to inbound requests are sent to the client's ephemeral (high-numbered) ports, so the network ACL associated with the new CIDR range must permit outbound traffic on these ephemeral ports. Therefore, the correct answer is option B: 'Adjust the network ACL linked to the new CIDR range to permit outbound traffic on ephemeral ports.'
Author: LeetQuiz Editorial Team
A company has set up Amazon EC2 instances within a VPC to host servers accessible by external vendors via the internet. Recently, a new application was deployed on EC2 instances in a different CIDR range, and the company aims to grant vendors access to this new application. Despite confirming that the relevant security groups and network ACLs permit the necessary inbound ports, vendors are unable to connect to the application. What action should be taken to enable vendor access to the new application?
A. Modify the security group associated with the EC2 instances to mirror outbound rules with inbound rules.
B. Adjust the network ACL linked to the new CIDR range to permit outbound traffic on ephemeral ports.
C. Update the inbound rules of the internet gateway to allow the required ports.
D. Alter the network ACL connected to the new CIDR range to match outbound rules with inbound rules.