0/0Which action will allow the user to complete the curl request successfully?

By:
In: SOA-C02
Tagged:
With: 2 Comments
A user is connected to an Amazon EC2 instance in a private subnet.The user is unable to access the internet from the instance by using the following curl command: curl http:/www.example.com.A SysOps administrator reviews the VPC configuration and learns the following information:• The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0• The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0• The inbound security group for the EC2 instance allows ports 22 and 443 from the user’s IP address.• The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.

0/0Which action will allow the user to complete the curl request successfully?

Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.

Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.

Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.

Add an additional outbound security group rule for port 80 to the user’s IP address.

Explanations:

The issue is not related to the inbound network ACL for port 80. The EC2 instance needs an outbound rule for HTTP traffic, not an inbound ACL rule.

The inbound security group allows port 443 from the user’s IP, but the issue is outbound traffic to port 80 (HTTP). This rule would not resolve the problem.

The EC2 instance’s security group needs an outbound rule for HTTP traffic (port 80) to allow the curl request to access the internet. Port 443 is already allowed.

Adding an outbound security group rule for port 80 to the user’s IP would not be effective. The instance needs outbound access to the internet, not just to the user’s IP.

2026-04-02

2 Comments

  1. John
    Author

    From what I’ve seen, the answer is:
    Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.

  2. Gregory
    Author

    I suspect that the answer is:
    Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − sixteen =