AWS Certified SysOps Administrator – Associate (legacy) — Question 94
An Amazon EC2 instance is unable to connect to an SMTP server in a different subnet. Other instances communicate successfully with the SMTP server. VPC Flow Logs have been enabled on the SMTP server's network interface and show the following record:
2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252 1515534437 1515535037 REJECT OK
What can be done to correct this problem?
Answer options
- A. Add the instance to the security group for the SMTP server and ensure that it is permitted to communicate over TCP port 25.
- B. Disable the iptables service on the SMTP server so that the instance can properly communicate over the network.
- C. Install an email client on the instance to ensure that it communicates correctly on TCP port 25 to the SMTP server.
- D. Add a rule to the security group for the instance to explicitly permit TCP port 25 outbound to any address.
Correct answer: D
Explanation
The correct answer is D because adding an outbound rule to the instance's security group that allows TCP port 25 to any address enables the instance to send traffic to the SMTP server. Option A is incorrect because it addresses inbound rules for the SMTP server rather than the outbound rules for the instance. Option B is not a solution, as disabling iptables may expose the SMTP server to security risks. Option C is irrelevant since installing an email client does not resolve the connectivity issue.