Which action will allow the SysOps administrator to remotely connect to the instance?
Add a route table entry in the public subnet for the SysOps administrator’s IP address.
Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator’s IP address.
Modify the instance security group to allow inbound SSH traffic from the SysOps administrator’s IP address.
Modify the instance security group to allow outbound SSH traffic to the SysOps administrator’s IP address.
Explanations:
Adding a route table entry for the SysOps administrator’s IP address is unnecessary. The public subnet already has a route to the Internet via the Internet Gateway (IGW). The issue is more likely related to security group or network ACL configurations.
Modifying the outbound network ACL rule is unnecessary. Outbound traffic from the instance is typically allowed by default. The issue lies in the inbound traffic configuration, as the SysOps administrator needs to connect via SSH.
The correct action is to modify the instance’s security group to allow inbound SSH (TCP port 22) traffic from the SysOps administrator’s IP address. Without this rule, inbound SSH traffic will be blocked, preventing the remote connection.
Modifying the instance’s security group to allow outbound SSH traffic to the SysOps administrator’s IP address is not needed for SSH access. SSH is an inbound connection to the instance, not outbound.
In my opinion, the answer is:
Modify the instance security group to allow inbound SSH traffic from the SysOps administrator’s IP address.