
Answer-first summary for fast verification
Answer:
Ensure inbound rules of the security group allow traffic on ports 80 and 443.
Ensure ephemeral ports 1024–65535 are allowed in the outbound rules of the network ACL.
Ensure firewall rules running on the instance allow inbound traffic on ports 80 and 443.
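For inbound web traffic, the security group (SG) inbound rules must allow ports 80/443 from 0.0.0.0/0. Network ACLs (NACLs) are stateless, so the responses need ephemeral ports allowed in the outbound NACL rules: the server's return traffic goes out to the client's high-numbered ephemeral port. The instance's OS firewall (such as iptables) must also allow inbound 80/443. The SG outbound rules usually allow all traffic, and ephemeral ports in the inbound NACL rules matter for connections where the instance is the client, so the main answers are A, D, and E. AWS WAF is an additional layer.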
Author: LeetQuiz Editorial Team
A new EC2 web server in a public subnet can download OS updates but cannot be reached via a browser on ports 80/443. Which THREE steps should be taken to troubleshoot? (Choose three.)
A. Ensure inbound rules of the security group allow traffic on ports 80 and 443.
B. Ensure outbound rules of the security group allow traffic on ports 80 and 443.
C. Ensure ephemeral ports 1024–65535 are allowed in the inbound rules of the network ACL.
D. Ensure ephemeral ports 1024–65535 are allowed in the outbound rules of the network ACL.
E. Ensure firewall rules running on the instance allow inbound traffic on ports 80 and 443.
F. Ensure AWS WAF is blocking web traffic.