AWS Certified Solutions Architect – Associate (SAA-C02) — Question 171

A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port
443.
Which combination of steps will accomplish this task? (Choose two.)

Answer options

• A. Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.
• B. Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.
• C. Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.
• D. Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.
• E. Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.

Correct answer: A, E

Explanation

Option A is correct because it allows incoming traffic on TCP port 443 from any source, making the web server accessible. Option E is also correct as it permits outbound traffic on the specified port range, which is necessary for establishing responses from the server. The other options either incorrectly configure the security group or do not properly adjust the network ACL to allow necessary traffic.