AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 180

To allow all traffic to access an instance in "Subnet 1" that uses "Security Group 1", what two options need to be configured? (Choose two.)

Answer options

• A. NACL rule allowing 0.0.0.0/0 to access "Subnet 1"
• B. Security Group rule in "Security Group 1" that allows 0.0.0.0/0 inbound
• C. Security Group rule in "Security Group 1" that allows outbound traffic to 0.0.0.0/0
• D. NACL rule allowing 0.0.0.0/0 to access "Security Group 1"

Correct answer: A, B

Explanation

To allow all traffic into 'Subnet 1', a NACL rule must be in place allowing 0.0.0.0/0 access. Additionally, 'Security Group 1' needs to have an inbound rule that allows 0.0.0.0/0. The outbound rule (option C) is not necessary for incoming traffic access, and option D incorrectly applies NACL rules to a security group rather than the subnet.