AWS Certified SysOps Administrator – Associate (legacy) — Question 44

An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run across multiple Availability
Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.
What additional step should be taken?

Answer options

• A. Add a rule to the security group allowing outbound traffic on port 80.
• B. Add a rule to the network ACL allowing outbound traffic on port 80.
• C. Add a rule to the security group allowing outbound traffic on ports 1024 through 65535.
• D. Add a rule to the network ACL allowing outbound traffic on ports 1024 through 65535.

Correct answer: B

Explanation

The correct answer is B because the network ACL must allow outbound traffic on port 80 to ensure that responses can return to clients accessing the web application. Option A is incorrect since the security group rules are not the issue here, and options C and D are unnecessary as they deal with a broader range of ports that are not required for basic web traffic.