Which combination of steps will accomplish this task?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address.The default security group is assigned to the EC2 instance.The default network ACL has been modified to block all traffic.A solutions architect needs to make the web server accessible from everywhere on port443.

Which combination of steps will accomplish this task?

(Choose two.)

Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.

Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.

Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.

Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.

Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.

Explanations:

A security group with a rule allowing TCP on port 443 from 0.0.0.0/0 enables inbound HTTPS traffic, making the web server accessible from anywhere.

Security group rules are stateful and should allow inbound traffic; specifying 0.0.0.0/0 as a destination here is invalid for incoming connections.

A network ACL requires separate inbound and outbound rules. Specifying only a source with no outbound rule will not work.

Specifying 0.0.0.0/0 as both source and destination in a single ACL rule for both inbound and outbound traffic is not valid for proper connectivity.

Allowing inbound TCP on port 443 and outbound on ephemeral ports 32768-65535 provides full bidirectional access for HTTPS traffic, as required by AWS NACLs.

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − 15 =