AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 13
You ping an Amazon Elastic Compute Cloud (EC2) instance from an on-premises server. VPC Flow Logs record the following:
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK
Why are ICMP responses not received by the on-premises system?
Answer options
- A. The inbound network access control list is blocking the traffic.
- B. The outbound network access control list is blocking the traffic.
- C. The inbound security group is blocking the traffic.
- D. The outbound security group is blocking the traffic.
Correct answer: B
Explanation
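The correct answer is B. The first record shows the ICMP traffic (protocol 1) from 10.123.234.78 to 172.11.22.33 being accepted, so the inbound rules allow the ping requests. The third record shows traffic in the opposite direction, from 172.11.22.33 back to 10.123.234.78, marked REJECT, which means the outgoing traffic from the EC2 instance is being rejected. Security groups are stateful: a response to allowed inbound traffic is permitted regardless of the outbound security group rules, so option D cannot explain the rejected responses. Network access control lists are stateless and evaluate the response against their outbound rules, so the outbound network access control list is blocking the ICMP response. Options A and C concern inbound rules, which do not apply here because the problem is outbound traffic not being allowed.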
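The same reasoning can be run over the records as a small triage script. This is an added example, not part of the original question; the function names are hypothetical, and the instance address 172.11.22.33 is an assumption inferred from the direction of the accepted ping requests.

```python
from collections import namedtuple

# Default (version 2) VPC Flow Logs field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)

# The three records from the question, one record per line.
SAMPLE = """\
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027 1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094 1432917142 REJECT OK
"""

def parse(text):
    """Parse space-separated flow log lines, skipping blank or malformed ones."""
    rows = (line.split() for line in text.splitlines())
    return [Record(*parts) for parts in rows if len(parts) == len(FIELDS)]

def diagnose(records, instance_ip):
    """Flag REJECTed traffic whose opposite direction was ACCEPTed.

    Heuristic: flow logs do not name the control that rejected a packet.
    Security groups are stateful, so a reply to an accepted flow can only be
    dropped by a stateless network ACL.
    """
    accepted = {(r.srcaddr, r.dstaddr, r.protocol)
                for r in records if r.action == "ACCEPT"}
    findings = []
    for r in records:
        if r.action != "REJECT":
            continue
        if (r.dstaddr, r.srcaddr, r.protocol) not in accepted:
            continue  # no accepted opposite flow: cannot rule out a security group
        if r.srcaddr == instance_ip:
            layer = "outbound network ACL"
        elif r.dstaddr == instance_ip:
            layer = "inbound network ACL"
        else:
            continue
        findings.append((layer, r.srcaddr, r.dstaddr, int(r.packets)))
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse(SAMPLE), instance_ip="172.11.22.33"):
        print(finding)
```

A REJECT record with no accepted flow in the opposite direction is deliberately left unclassified, since either a security group or a network ACL could have dropped it.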