
Explanation:
To allow internet traffic to a web server in a public subnet, the Security Group must have inbound rules allowing HTTP (port 80) and HTTPS (port 443) traffic. Since Security Groups are stateful, return traffic is automatically allowed. However, Network ACLs are stateless and require explicit rules for both directions; therefore, inbound traffic on 80/443 must be allowed, and outbound traffic must be allowed on ephemeral ports (1024-65535) so the server can respond. Lastly, any host-based OS firewalls (like iptables or Windows Firewall) running on the EC2 instance must also allow inbound traffic on ports 80 and 443.
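The stateful versus stateless difference described above can be traced with a small model. This is an added example, not part of the original question: the rule sets, the client port and the function names are constructed, only TCP port ranges are modelled, and the network ACL follows the AWS rule of evaluating in ascending rule-number order with an implicit deny.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    number: int   # NACL rules are evaluated in ascending rule-number order
    lo: int       # first TCP port in the range
    hi: int       # last TCP port in the range
    allow: bool

def nacl_permits(rules, port):
    """Stateless check: lowest-numbered matching rule wins, else implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.lo <= port <= rule.hi:
            return rule.allow
    return False

def first_drop(nacl_in, nacl_out, sg_in_ports, host_fw_ports, server_port, client_port):
    """Follow one browser request and its reply; name the layer that drops it."""
    if not nacl_permits(nacl_in, server_port):
        return "nacl-inbound"
    if server_port not in sg_in_ports:
        return "security-group-inbound"
    if server_port not in host_fw_ports:
        return "host-firewall"
    # Reply leg: the security group is stateful, so its outbound rules are not
    # consulted. The NACL is stateless, so the reply to the client's ephemeral
    # source port must match an outbound allow rule.
    if not nacl_permits(nacl_out, client_port):
        return "nacl-outbound"
    return "ok"

# Constructed sample modelled on the question: outbound 80/443 plus inbound
# ephemeral ports let the instance download updates, yet browsers get no reply.
NACL_IN = [AclRule(100, 80, 80, True), AclRule(110, 443, 443, True),
           AclRule(120, 1024, 65535, True)]
NACL_OUT_BROKEN = [AclRule(100, 80, 80, True), AclRule(110, 443, 443, True)]
NACL_OUT_FIXED = NACL_OUT_BROKEN + [AclRule(120, 1024, 65535, True)]
CLIENT_PORT = 51514  # constructed ephemeral source port of the browser

if __name__ == "__main__":
    for label, out in (("broken", NACL_OUT_BROKEN), ("fixed", NACL_OUT_FIXED)):
        print(label, first_drop(NACL_IN, out, {80, 443}, {80, 443}, 443, CLIENT_PORT))
```
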
Question 32
A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443. The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet. Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.)
A. Ensure that the inbound rules of the instance's security group allow traffic on ports 80 and 443.
B. Ensure that the outbound rules of the instance's security group allow traffic on ports 80 and 443.
C. Ensure that ephemeral ports 1024–65535 are allowed in the inbound rules of the network ACL that is associated with the instance's subnet.
D. Ensure that ephemeral ports 1024–65535 are allowed in the outbound rules of the network ACL that is associated with the instance's subnet.
E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.
F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.