AWS Certified Security – Specialty — Question 330
A security engineer is attempting to troubleshoot a problem. An application that runs on an Amazon EC2 instance in a VPC cannot communicate with an Amazon RDS DB instance in another subnet of the same VPC. The connection request is timing out.
Which issues could be causing this problem? (Choose two.)
Answer options
- A. The application instance’s security group is not allowing outbound traffic.
- B. The network ACL of the application instance’s subnet is not allowing traffic between the application and the DB instance.
- C. The VPC’s route table is not configured correctly.
- D. There is no peering connection between the application and the database.
- E. The DB instance’s security group is not allowing outbound traffic.
Correct answer: A, B
Explanation
A connection timeout (rather than a "connection refused" reset) indicates that packets are being silently dropped before they reach the database listener, which in a VPC means a security group or a network ACL. Route tables and peering are not candidates here: every VPC route table carries a `local` route for the VPC CIDR that cannot be edited or removed, so two subnets in the same VPC can always reach each other, and VPC peering only applies between different VPCs (options C and D). Option E is wrong because security groups are stateful: once the application's packet is admitted, the DB instance's reply is tracked and allowed regardless of the DB security group's outbound rules. What does matter on the DB side is the DB security group's inbound rule for the database port from the application's security group or CIDR, but that is not among the choices. That leaves A (the application security group has no outbound rule for the database port and destination) and B. Network ACLs are stateless, so the application subnet's NACL must allow both the outbound request to the DB port and the inbound reply from the DB subnet on the client's ephemeral ports (1024 to 65535); a rule set that only mirrors the database port in both directions still times out. The DB subnet's NACL could block the flow in exactly the same way, but option B is the one offered.
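As an added illustration (not part of the original question or explanation), the following Python models the two checks the explanation describes: the stateful security-group check, which only needs the forward (egress) rule, and the stateless NACL check, which needs both the outbound request and the inbound reply on the ephemeral port range. The security group, NACL, DB address and rule numbers are constructed for the example and only mirror the shape of `describe-security-groups` / `describe-network-acls` output; the ephemeral range 1024 to 65535 is the one AWS documents for NACL return traffic. The sample NACL reproduces the mirrored-port mistake mentioned above.

```python
"""Added example: model the stateful security-group check and the stateless NACL
check for an EC2 -> RDS TCP connection inside one VPC.  The rule sets below are
constructed for this example (not real account data) and mirror the shape of
`aws ec2 describe-security-groups` / `describe-network-acls` output."""
import copy
import ipaddress

DB_IP, DB_PORT = "10.0.2.25", 3306   # constructed RDS endpoint in the DB subnet 10.0.2.0/24
EPHEMERAL = (1024, 65535)             # client source-port range AWS documents for NACL return traffic

# Application instance's security group: only HTTPS egress, nothing for tcp/3306.
APP_SG = {"GroupId": "sg-0app", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

# NACL on the application subnet.  Entries are evaluated in ascending RuleNumber,
# first match wins, and 32767 is the catch-all deny AWS appends.  The inbound rule
# mirrors the outbound one (tcp/3306) instead of allowing the ephemeral ports the
# DB replies to, so the SYN-ACK is dropped and the connection times out.
APP_SUBNET_NACL = {"NetworkAclId": "acl-0app", "Entries": [
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.2.0/24", "PortRange": {"From": 3306, "To": 3306}},
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.2.0/24", "PortRange": {"From": 3306, "To": 3306}},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]}


def _cidr_match(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _proto_match(rule_proto, proto):
    # Security groups name the protocol ("tcp"); NACLs use IANA numbers ("6"); "-1" means any.
    return rule_proto in ("-1", proto, {"tcp": "6", "udp": "17"}.get(proto))


def sg_allows_egress(sg, dst_ip, dst_port, proto="tcp"):
    """Stateful: an egress rule for the forward packet is all a client connection needs;
    the DB's reply is tracked and allowed whatever the DB security group's outbound rules say."""
    for rule in sg["IpPermissionsEgress"]:
        if not _proto_match(rule["IpProtocol"], proto):
            continue
        if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= dst_port <= rule["ToPort"]:
            continue
        if any(_cidr_match(r["CidrIp"], dst_ip) for r in rule.get("IpRanges", [])):
            return True
    return False


def nacl_decision(nacl, egress, peer_ip, dst_port, proto="tcp"):
    """Stateless: evaluate one direction only.  CidrBlock is the destination for outbound
    entries and the source for inbound ones; PortRange is the packet's destination port."""
    for entry in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        if entry["Egress"] != egress or not _proto_match(entry["Protocol"], proto):
            continue
        if not _cidr_match(entry["CidrBlock"], peer_ip):
            continue
        pr = entry.get("PortRange")
        if pr and not pr["From"] <= dst_port <= pr["To"]:
            continue
        return entry["RuleAction"] == "allow"
    return False  # no entry matched; AWS always has the 32767 deny, but stay explicit


def nacl_allows_connection(nacl, peer_ip, dst_port, ephemeral=EPHEMERAL):
    """A TCP handshake needs the outbound SYN and the inbound SYN-ACK, whose destination
    port is whichever ephemeral port the client chose, so the whole range must be allowed."""
    outbound_ok = nacl_decision(nacl, True, peer_ip, dst_port)
    inbound_ok = all(nacl_decision(nacl, False, peer_ip, p) for p in range(ephemeral[0], ephemeral[1] + 1))
    return outbound_ok, inbound_ok


def diagnose(sg, nacl, dst_ip=DB_IP, dst_port=DB_PORT):
    """Return the findings that explain a timeout; an empty list means both layers pass."""
    findings = []
    if not sg_allows_egress(sg, dst_ip, dst_port):
        findings.append(f"security group {sg['GroupId']}: no egress rule for tcp/{dst_port} to {dst_ip}")
    out_ok, in_ok = nacl_allows_connection(nacl, dst_ip, dst_port)
    if not out_ok:
        findings.append(f"NACL {nacl['NetworkAclId']}: outbound tcp/{dst_port} to {dst_ip} denied")
    if not in_ok:
        findings.append(f"NACL {nacl['NetworkAclId']}: inbound reply from {dst_ip} on ephemeral ports denied")
    return findings


def fixed_rules(sg=APP_SG, nacl=APP_SUBNET_NACL):
    """Corrected copies: an SG egress rule for tcp/3306 to the DB subnet and an inbound
    NACL entry (number 110, evaluated before the catch-all deny) for the ephemeral range."""
    sg, nacl = copy.deepcopy(sg), copy.deepcopy(nacl)
    sg["IpPermissionsEgress"].append({"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
                                      "IpRanges": [{"CidrIp": "10.0.2.0/24"}]})
    nacl["Entries"].append({"RuleNumber": 110, "Egress": False, "Protocol": "6", "RuleAction": "allow",
                            "CidrBlock": "10.0.2.0/24", "PortRange": {"From": EPHEMERAL[0], "To": EPHEMERAL[1]}})
    return sg, nacl


if __name__ == "__main__":
    for finding in diagnose(APP_SG, APP_SUBNET_NACL):
        print("FAIL:", finding)
    print("after fix:", diagnose(*fixed_rules()) or "no blocking rule found")
```

Run against the constructed rules, `diagnose` reports the missing security-group egress rule and the NACL's missing inbound ephemeral-port entry, exactly the two causes the answer names, and reports nothing once `fixed_rules` applies the corrections. In a real account you would feed it the JSON returned by the two `aws ec2 describe-*` calls and, for a complete picture, also run the same NACL check against the DB subnet's ACL and an inbound check against the DB security group.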