AWS Certified SysOps Administrator – Associate (legacy) — Question 663
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)
Answer options
- A. A network ACL associated with the bastion's subnet is blocking the network traffic.
- B. The instance does not have a private IP address.
- C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
- D. The security group for the instance does not have an inbound rule on port 22.
- E. The security group for the instance does not have an outbound rule on port 3389.
Correct answer: C, E
Explanation
A route to the internet gateway (C) is required in the subnet's route table to allow external traffic from the internet to reach the Amazon EC2 instance. Additionally, proper configuration of port 3389 (E) in the security group rules is necessary to permit RDP traffic. Port 22 (D) is used for SSH rather than RDP, and EC2 instances in a VPC are automatically assigned private IP addresses (B).