AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 266

Which port range must be allowed through a NACL to ensure all return traffic is successful?

Answer options

Correct answer: A

Explanation

Network Access Control Lists (NACLs) are stateless: response traffic is not automatically allowed and must be explicitly permitted by a rule. When a client establishes a connection, it chooses a random source port within the ephemeral port range of 1024 to 65,535, and the return traffic is sent to that port as its destination. Therefore, this entire range must be permitted to ensure successful return communication.