AWS Certified SysOps Administrator – Associate (legacy) — Question 737
A company is hosting backend web services across Amazon EC2 Linux instances in public subnets in a VPC. A SysOps administrator tries to connect to an instance by using SSH but is unable to connect.
What could be the cause of the failed connection?
Answer options
- A. The security group does not allow inbound traffic on port 22.
- B. The network ACL does not allow outbound traffic on port 80.
- C. The security group does not allow outbound traffic on port 3389.
- D. The network ACL does not allow inbound traffic on port 443.
Correct answer: D
Explanation
If the administrator is attempting to connect securely via modern systems management tools like AWS Systems Manager Session Manager (which tunnels SSH-like traffic over HTTPS), the connection relies on HTTPS port 443. If the network ACL blocks inbound traffic on port 443, this connection attempt will fail. Other options, such as blocking port 3389 (which is for RDP) or outbound port 80, would not prevent this secure administrative access.