
Explanation:
Security groups do not have explicit deny rules, making option A incorrect. A Network ACL (NACL) is stateless and supports explicit deny rules, which would result in a REJECT entry in the VPC flow logs if it blocks traffic. Therefore, the network ACL blocking HTTPS traffic is the most likely cause of the failed connections shown in VPC flow logs.
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry: What is a possible cause of these failed connections?
A. A security group deny rule is blocking traffic on port 443.
B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.