Which of the following should the team check if a server cannot establish an outbound connection to the internet?
(Choose three.)
The route tables and the outbound rules on the appropriate private subnet security group.
The outbound network ACL rules on the private subnet and the inbound network ACL rules on the public subnet.
The outbound network ACL rules on the private subnet and both the inbound and outbound rules on the public subnet.
The rules on any host-based firewall that may be applied on the Amazon EC2 instances.
The security group applied to the Application Load Balancer and NAT gateway.
That the 0.0.0.0/0 route in the private subnet route table points to the internet gateway in the public subnet.
Explanations:
The route tables in the private subnet must route traffic to the NAT gateway for internet access. The outbound rules on the private subnet security group must also allow outbound traffic.
The inbound network ACL rules on the public subnet are irrelevant to the private subnet’s outbound connectivity. Only the outbound ACLs on the private subnet are applicable.
Outbound network ACL rules on the private subnet are crucial for controlling egress traffic. The inbound and outbound rules on the public subnet do not directly affect outbound traffic from private subnet instances.
Host-based firewalls (e.g., iptables or Windows Firewall) on EC2 instances could block outgoing traffic, so these need to be checked.
The security groups on the ALB and NAT gateway are not relevant to the private subnet instances’ outbound internet connectivity. These control access to the ALB or NAT gateway.
The 0.0.0.0/0 route in the private subnet route table must point to the NAT gateway, not the internet gateway, for outbound traffic from the private subnet to the internet.