AWS Certified Security – Specialty — Question 104

Authorized Administrators are unable to connect to an Amazon EC2 Linux bastion host using SSH over the Internet. The connection either fails to respond or generates the following error message:
Network error: Connection timed out.
What could be responsible for the connection failure? (Choose three.)

Answer options

• A. The NAT gateway in the subnet where the EC2 instance is deployed has been misconfigured.
• B. The internet gateway of the VPC has been misconfigured.
• C. The security group denies outbound traffic on ephemeral ports.
• D. The route table is missing a route to the internet gateway.
• E. The NACL denies outbound traffic on ephemeral ports.
• F. The host-based firewall is denying SSH traffic.

Correct answer: D, E, F

Explanation

The correct answers are D, E, and F because a missing route to the internet gateway will prevent outgoing traffic, NACLs that block outbound traffic on ephemeral ports will also hinder connections, and a host-based firewall denying SSH traffic will stop the connection attempt. Options A and B are less likely to be the cause of the failure as the NAT gateway and internet gateway configurations primarily affect inbound traffic rather than direct SSH access.