
Explanation:
For inbound web traffic, the security group (SG) inbound rules must allow ports 80/443 from 0.0.0.0/0. Network ACLs (NACLs) are stateless, so the server's responses, which return to the client's high (ephemeral) ports, must be allowed explicitly in the outbound NACL rules. The instance's OS firewall (such as iptables) must also allow inbound 80/443. The SG outbound rules usually allow all traffic, and ephemeral ports in the inbound NACL apply when the instance is the client, so the main answers are A, D and E. WAF is an additional layer.
A new EC2 web server in a public subnet can download OS updates but cannot be reached via a browser on ports 80/443. Which THREE steps should be taken to troubleshoot? (Choose three.)
A. Ensure inbound rules of the security group allow traffic on ports 80 and 443.
B. Ensure outbound rules of the security group allow traffic on ports 80 and 443.
C. Ensure ephemeral ports 1024–65535 are allowed in the inbound rules of the network ACL.
D. Ensure ephemeral ports 1024–65535 are allowed in the outbound rules of the network ACL.
E. Ensure firewall rules running on the instance allow inbound traffic on ports 80 and 443.
F. Ensure AWS WAF is blocking web traffic.