What collection of rules should be written to ensure that the private subnet’s NACL meets the requirement?
(Choose two.)
An inbound rule for port 80 from source 0.0.0.0/0.
An inbound rule for port 80 from source 10.0.0.0/24.
An outbound rule for port 80 to destination 0.0.0.0/0.
An outbound rule for port 80 to destination 10.0.0.0/24.
An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24.
Explanations:
Allowing inbound traffic on port 80 from 0.0.0.0/0 would allow traffic from anywhere on the internet, which is not required for the private subnet to meet the specific communication needs with the ALB.
An inbound rule for port 80 from 10.0.0.0/24 (the public subnet’s CIDR) ensures that the ALB can forward requests on port 80 to the web servers in the private subnet.
Allowing outbound traffic on port 80 to 0.0.0.0/0 would let the private subnet send web traffic to the internet, which is not required: the web servers in the private subnet should not initiate traffic to the public internet.
An outbound rule for port 80 to 10.0.0.0/24 is not needed since the web servers in the private subnet only need to accept traffic from the ALB and not initiate communication with the public subnet on port 80.
Outbound traffic on ports 1024 through 65535 to 10.0.0.0/24 is required for the web servers in the private subnet to return responses to the ALB (ephemeral port range for the connection back to the ALB).
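The explanations above depend on NACLs being stateless: the response to the ALB is checked against the outbound rules on its own, by destination port. The following is an added example, not part of the original question, that models NACL evaluation in Python and runs the rule combinations discussed; the rule number, the ALB address 10.0.0.25, the ephemeral port 41532 and the internet address are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int      # lower numbers are evaluated first
    cidr: str        # source CIDR (inbound) or destination CIDR (outbound)
    port_lo: int     # destination port range, inclusive
    port_hi: int
    allow: bool = True

def evaluate(rules, peer_ip, dst_port):
    """First matching rule in ascending order decides; no match means implicit deny."""
    peer = ipaddress.ip_address(peer_ip)
    for r in sorted(rules, key=lambda r: r.number):
        if peer in ipaddress.ip_network(r.cidr) and r.port_lo <= dst_port <= r.port_hi:
            return r.allow
    return False

def http_exchange_ok(inbound, outbound, client_ip, client_port):
    """True only if both the request and its response pass the private subnet's NACL."""
    request_ok = evaluate(inbound, client_ip, 80)              # client -> web server:80
    response_ok = evaluate(outbound, client_ip, client_port)   # web server -> client ephemeral port
    return request_ok and response_ok

# Constructed sample values: rule number 100, an ALB node at 10.0.0.25 using
# ephemeral source port 41532, and an internet host from a documentation range.
INBOUND = [Rule(100, "10.0.0.0/24", 80, 80)]
OUTBOUND_EPHEMERAL = [Rule(100, "10.0.0.0/24", 1024, 65535)]
OUTBOUND_PORT_80 = [Rule(100, "10.0.0.0/24", 80, 80)]

def scenarios():
    return {
        "inbound 80 + outbound 1024-65535": http_exchange_ok(INBOUND, OUTBOUND_EPHEMERAL, "10.0.0.25", 41532),
        "inbound 80 + outbound 80": http_exchange_ok(INBOUND, OUTBOUND_PORT_80, "10.0.0.25", 41532),
        "inbound 80 only": http_exchange_ok(INBOUND, [], "10.0.0.25", 41532),
        "direct internet client": http_exchange_ok(INBOUND, OUTBOUND_EPHEMERAL, "203.0.113.7", 41532),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'allowed' if ok else 'dropped'}")
```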