AWS Certified SysOps Administrator – Associate — Question 441
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)
Answer options
- A. A network ACL associated with the bastion's subnet is blocking the network traffic.
- B. The instance does not have a private IP address.
- C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
- D. The security group for the instance does not have an inbound rule on port 22.
- E. The security group for the instance does not have an outbound rule on port 3389.
Correct answer: A, C
Explanation
For an Amazon EC2 instance to be reachable from the internet, its subnet's route table must contain a route to an internet gateway, and any network ACL associated with the subnet must permit the traffic. Network ACLs are stateless, so they have to allow both the inbound RDP connection and the outbound return traffic explicitly. Security groups, by contrast, are stateful: return traffic is automatically allowed, so an outbound rule for port 3389 is unnecessary. Additionally, RDP uses port 3389, not port 22 (which is used for SSH), and every EC2 instance in a VPC is automatically assigned a private IP address, so options B, D and E cannot be the cause.
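The following checker is an added example, not part of the exam page and not AWS code or the AWS API. It models the three controls the explanation names with constructed data structures: a route table that needs a 0.0.0.0/0 route to an internet gateway (the `igw-EXAMPLE` id is a placeholder), a stateless network ACL that must allow inbound TCP 3389 and the outbound ephemeral-port return traffic (rules are evaluated in ascending rule-number order, first match wins, implicit deny at the end), and a stateful security group where only the inbound 3389 rule matters. The sample configurations reproduce the two correct options (A and C) and show that the distractors D and E (no port 22 rule, no outbound 3389 rule) do not break RDP.

```python
"""Toy reachability diagnosis for inbound RDP to an EC2 Windows bastion.

Added example: the data shapes below are constructed for illustration and are
not the AWS API's; the logic follows the documented semantics of route tables,
network ACLs (stateless, ordered rules) and security groups (stateful).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

RDP_PORT = 3389
# Client-side source ports that return traffic must be allowed back out to.
EPHEMERAL_PORTS = range(1024, 65536)


@dataclass
class AclRule:
    rule_number: int   # NACL rules are evaluated in ascending order; first match wins
    action: str        # "allow" or "deny"
    from_port: int
    to_port: int

    def matches(self, port: int) -> bool:
        return self.from_port <= port <= self.to_port


@dataclass
class VpcConfig:
    routes: Dict[str, str]               # destination CIDR -> target id (constructed)
    acl_inbound: List[AclRule]
    acl_outbound: List[AclRule]
    sg_inbound_ports: Set[int]
    sg_outbound_ports: Set[int] = field(default_factory=set)  # unused: SGs are stateful


def acl_allows(rules: List[AclRule], port: int) -> bool:
    """Evaluate a network ACL the way AWS does: lowest matching rule number wins."""
    for rule in sorted(rules, key=lambda r: r.rule_number):
        if rule.matches(port):
            return rule.action == "allow"
    return False  # the implicit "*" deny at the end of every NACL


def diagnose_rdp(cfg: VpcConfig) -> List[str]:
    """Return findings that would stop internet RDP; an empty list means it should work."""
    findings = []
    if not cfg.routes.get("0.0.0.0/0", "").startswith("igw-"):
        findings.append("route table: no 0.0.0.0/0 route to an internet gateway")
    if not acl_allows(cfg.acl_inbound, RDP_PORT):
        findings.append(f"network ACL: inbound TCP {RDP_PORT} is not allowed")
    # Stateless: the return leg needs its own outbound allow on the ephemeral range.
    blocked = sum(1 for p in EPHEMERAL_PORTS if not acl_allows(cfg.acl_outbound, p))
    if blocked:
        findings.append(f"network ACL: outbound return traffic blocked on {blocked} ephemeral ports")
    if RDP_PORT not in cfg.sg_inbound_ports:
        findings.append(f"security group: no inbound rule for TCP {RDP_PORT}")
    # Security group outbound rules are deliberately not checked: stateful, so the
    # reply to an allowed inbound connection is always permitted.
    return findings


ALLOW_ALL = [AclRule(100, "allow", 0, 65535)]
PUBLIC_ROUTES = {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"}  # placeholder id

# Working bastion: no SSH (22) rule and no outbound 3389 rule, yet RDP still works.
WORKING = VpcConfig(PUBLIC_ROUTES, ALLOW_ALL, ALLOW_ALL, {RDP_PORT}, set())

# Option A: a lower-numbered NACL deny on 3389 beats the later allow-all rule.
ACL_BLOCKS_RDP = VpcConfig(
    PUBLIC_ROUTES,
    [AclRule(100, "deny", RDP_PORT, RDP_PORT), AclRule(200, "allow", 0, 65535)],
    ALLOW_ALL, {RDP_PORT},
)

# Option C: only the local route, nothing pointing at an internet gateway.
NO_IGW_ROUTE = VpcConfig({"10.0.0.0/16": "local"}, ALLOW_ALL, ALLOW_ALL, {RDP_PORT})

# Stateless pitfall: inbound 3389 allowed, but outbound only permits 443, so replies die.
ACL_BLOCKS_RETURN = VpcConfig(
    PUBLIC_ROUTES, ALLOW_ALL, [AclRule(100, "allow", 443, 443)], {RDP_PORT}
)

if __name__ == "__main__":
    for name, cfg in [("WORKING", WORKING), ("ACL_BLOCKS_RDP", ACL_BLOCKS_RDP),
                      ("NO_IGW_ROUTE", NO_IGW_ROUTE), ("ACL_BLOCKS_RETURN", ACL_BLOCKS_RETURN)]:
        print(name, "->", diagnose_rdp(cfg) or "RDP reachable")
```

Running the module prints one line per sample configuration; the `ACL_BLOCKS_RETURN` case is the one practitioners most often miss, because the security group looks correct and only the stateless outbound NACL rule is wrong.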