AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 27
You deploy an Amazon EC2 instance that runs a web server into a subnet in a VPC. An Internet gateway is attached, and the main route table has a default route (0.0.0.0/0) configured with a target of the Internet gateway.
The instance has a security group configured to allow as follows:
✑ Protocol: TCP
✑ Port: 80 inbound and nothing outbound
The Network ACL for the subnet is configured to allow as follows:
✑ Protocol: TCP
✑ Port: 80 inbound and nothing outbound
When you try to browse to the web server, you receive no response.
Which additional step should you take to receive a successful response?
Answer options
- A. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 80
- B. Add an entry to the security group outbound rules for Protocol: TCP, Port Range: 1024-65535
- C. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 80
- D. Add an entry to the Network ACL outbound rules for Protocol: TCP, Port Range: 1024-65535
Correct answer: D
Explanation
The correct answer is D. When a client makes a request to the web server, the server must send a response back to the client's ephemeral source port (1024-65535), which requires an outbound rule. Security groups are stateful, so the response to an allowed inbound connection is permitted automatically and options A and B change nothing. Network ACLs are stateless, so the response packet is evaluated against the outbound rules on its own; since the Network ACL only allows inbound traffic on port 80 and has no outbound rule, the response is dropped. Option C does not help because the outbound rule's port range is the destination port of the outgoing packet, which is the client's ephemeral port, not port 80. Adding an outbound rule for port range 1024-65535 (option D) allows the response to reach the client.
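A small Python model of the stateful security-group check versus the stateless Network ACL check for this exact exchange, added here as an illustration (not AWS code). It ignores NACL rule numbers, explicit deny rules and the client side's own filtering; the client port 51234 is a constructed sample.

```python
"""Model of the request/response flow from the question above (illustrative only).

Security groups are stateful: a reply to an allowed inbound connection passes
regardless of outbound rules. Network ACLs are stateless: every packet is
checked against the explicit rules for its direction, and the port range of
a rule is matched against the packet's destination port.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp" in this scenario
    port_from: int
    port_to: int

    def matches(self, direction: str, protocol: str, dst_port: int) -> bool:
        return (self.direction == direction and self.protocol == protocol
                and self.port_from <= dst_port <= self.port_to)


def nacl_allows(rules, direction, protocol, dst_port) -> bool:
    """Stateless: the packet needs an explicit rule for its own direction."""
    return any(r.matches(direction, protocol, dst_port) for r in rules)


def sg_allows(rules, direction, protocol, dst_port, is_reply=False) -> bool:
    """Stateful: reply traffic for an allowed connection is always permitted."""
    return is_reply or any(r.matches(direction, protocol, dst_port) for r in rules)


def http_exchange_succeeds(sg_rules, nacl_rules, client_port: int) -> bool:
    """Request: client:client_port -> server:80 (inbound, dst port 80).
    Response: server:80 -> client:client_port (outbound, dst port = client_port)."""
    if not nacl_allows(nacl_rules, "inbound", "tcp", 80):
        return False
    if not sg_allows(sg_rules, "inbound", "tcp", 80):
        return False
    if not sg_allows(sg_rules, "outbound", "tcp", client_port, is_reply=True):
        return False
    return nacl_allows(nacl_rules, "outbound", "tcp", client_port)


# Configurations from the question and the answer options (constructed).
SG = [Rule("inbound", "tcp", 80, 80)]
NACL_INITIAL = [Rule("inbound", "tcp", 80, 80)]
NACL_OPTION_C = NACL_INITIAL + [Rule("outbound", "tcp", 80, 80)]
NACL_OPTION_D = NACL_INITIAL + [Rule("outbound", "tcp", 1024, 65535)]
```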