Which combination of steps should the SysOps administrator take to troubleshoot this issue?
(Choose three.)
Ensure that the inbound rules of the instance’s security group allow traffic on ports 80 and 443.
Ensure that the outbound rules of the instance’s security group allow traffic on ports 80 and 443.
Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance’s subnet.
Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance’s subnet.
Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.
Ensure that AWS WAF is turned on for the instance and is blocking web traffic.
Explanations:
The instance’s security group must have inbound rules allowing HTTP (port 80) and HTTPS (port 443) traffic for it to be accessible from the internet.
Outbound rules in the security group are not needed for incoming web requests on ports 80 and 443, as responses are allowed by default for established connections.
Inbound rules for ephemeral ports are not needed in the network ACL for an instance to receive traffic on ports 80 and 443.
The network ACL’s outbound rules must allow ephemeral ports (1024-65535) so the instance can send responses to incoming HTTP/HTTPS requests.
Firewalls or host-based security settings on the instance should allow inbound traffic on ports 80 and 443 for web access to be possible.
AWS WAF is not necessary for basic web access and does not need to be enabled for connectivity; it is used primarily for managing web application security.