AWS Certified Solutions Architect – Associate (SAA-C03) — Question 235
A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443.
Which combination of steps will accomplish this task? (Choose two.)
Answer options
- A. Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.
- B. Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.
- C. Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.
- D. Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.
- E. Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.
Correct answer: A, E
Explanation
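Answer A is correct because a security group rule that allows TCP port 443 from source 0.0.0.0/0 enables access to the web server from any IP address. Security groups are stateful, so the responses to allowed requests are permitted automatically. Answer E is also correct: network ACLs are stateless, so besides allowing inbound access on port 443 the ACL must permit outbound traffic on the ephemeral port range 32768-65535, which is necessary for the web server's responses to reach the clients. Option B is incorrect because it defines a rule toward a destination (outbound) and leaves inbound port 443 closed on the security group. Options C and D do not adequately allow traffic through the modified network ACL: C opens only the inbound direction, and D opens outbound only on port 443, which is not the port the responses are sent to.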
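The explanation above can be checked with a small model of one HTTPS round trip. This is an added example, not part of the original question; it matches on TCP port only, assumes every rule uses 0.0.0.0/0, and the client port 50000 is a constructed value.

```python
# Added example: simplified model of the scenario, matching on TCP port only.
# All rules are assumed to use 0.0.0.0/0; the client port is a constructed value.
HTTPS = 443
CLIENT_PORT = 50000  # constructed ephemeral source port chosen by the client


def in_ranges(port, ranges):
    """True if port falls inside any (low, high) range."""
    return any(low <= port <= high for low, high in ranges)


def reachable(sg_inbound, nacl_inbound, nacl_outbound):
    """Return (ok, reason) for one HTTPS request/response round trip.

    sg_inbound    -- inbound port ranges on the security group (stateful)
    nacl_inbound  -- inbound allow ranges on the network ACL (stateless)
    nacl_outbound -- outbound allow ranges on the network ACL (stateless)
    """
    # Request: client:CLIENT_PORT -> server:443, crosses the NACL then the SG.
    if not in_ranges(HTTPS, nacl_inbound):
        return False, "request dropped by NACL inbound"
    if not in_ranges(HTTPS, sg_inbound):
        return False, "request dropped by security group"
    # Response: server:443 -> client:CLIENT_PORT. The SG tracks the connection
    # and lets the reply out; the NACL evaluates it as a fresh packet whose
    # destination port is the client's ephemeral port, not 443.
    if not in_ranges(CLIENT_PORT, nacl_outbound):
        return False, "response dropped by NACL outbound"
    return True, "round trip completes"


# Security group options (inbound rules only; B adds an outbound rule, so none).
SG = {"A": [(443, 443)], "B": []}
# Network ACL options as (inbound, outbound) allow ranges.
NACL = {
    "C": ([(443, 443)], []),
    "D": ([(443, 443)], [(443, 443)]),
    "E": ([(443, 443)], [(32768, 65535)]),
}


def evaluate_all():
    """Evaluate every SG/NACL pairing from the answer options."""
    return {sg + n: reachable(SG[sg], *NACL[n]) for sg in SG for n in NACL}


if __name__ == "__main__":
    for combo, (ok, reason) in evaluate_all().items():
        print(combo, "PASS" if ok else "FAIL", reason)
```

Only the A plus E pairing completes the round trip; the failure reason for each other pairing shows which layer drops the packet.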