Exam AWS Certified SysOps Administrator - Associate topic 1 question 272 discussion

A SysOps administrator is creating a simple, public-facing website running on Amazon EC2. The SysOps administrator created the EC2 instance in an existing public subnet and assigned an Elastic IP address to the instance. Next, the SysOps administrator created and applied a new security group to the instance to allow incoming HTTP traffic from 0.0.0.0/0. Finally, the SysOps administrator created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.

What is the cause of this issue?

  • A. The SysOps administrator did not create an outbound rule that allows ephemeral port return traffic in the new network ACL.
  • B. The SysOps administrator did not create an outbound rule in the security group that allows HTTP traffic from port 80.
  • C. The Elastic IP address assigned to the EC2 instance has changed.
  • D. There is an additional network ACL associated with the subnet that includes a rule that denies inbound HTTP traffic from port 80.
Suggested Answer: A
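
A small model of the rule evaluation behind the suggested answer, added here as an example and not part of the original question or discussion. It treats a network ACL as a stateless, ordered rule list and shows the HTTP reply being dropped on the way out. The `Rule` class, the function names, the client address and port, the TCP-only simplification and the 1024-65535 ephemeral range are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int     # NACL rules are evaluated in ascending rule-number order
    cidr: str       # source CIDR (inbound list) or destination CIDR (outbound list)
    port_from: int  # destination port range the rule matches (TCP only in this model)
    port_to: int
    allow: bool

def nacl_allows(rules, peer_ip, dst_port):
    """Stateless check: first matching rule wins, otherwise the implicit '*' deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (ip_address(peer_ip) in ip_network(rule.cidr)
                and rule.port_from <= dst_port <= rule.port_to):
            return rule.allow
    return False

def http_exchange(inbound, outbound, client_ip, client_port):
    """Return (request_delivered, response_delivered) for one request to port 80."""
    request_ok = nacl_allows(inbound, client_ip, 80)
    # The reply leaves the subnet addressed to the client's ephemeral source port.
    # The NACL keeps no connection state, so an outbound rule must match that port.
    response_ok = request_ok and nacl_allows(outbound, client_ip, client_port)
    return request_ok, response_ok

# Constructed sample values: documentation-range client address, arbitrary port.
CLIENT_IP, CLIENT_PORT = "203.0.113.10", 51514
INBOUND = [Rule(100, "0.0.0.0/0", 80, 80, True)]
# A newly created custom NACL denies everything until rules are added;
# the administrator in the question only added the inbound HTTP rule.
OUTBOUND_AS_IN_QUESTION = []
OUTBOUND_FIXED = [Rule(100, "0.0.0.0/0", 1024, 65535, True)]  # assumed ephemeral range

if __name__ == "__main__":
    print("as in question:    ",
          http_exchange(INBOUND, OUTBOUND_AS_IN_QUESTION, CLIENT_IP, CLIENT_PORT))
    print("with outbound rule:",
          http_exchange(INBOUND, OUTBOUND_FIXED, CLIENT_IP, CLIENT_PORT))
```

A security group is stateful and would let the reply out automatically, which is why the missing rule only matters at the NACL.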

Comments

Gomer
Highly Voted 1 year ago
Selected Answer: A
I agree with A. I don't know if a comment is necessary, because anyone who understands NACLs knows you have to enable the ephemeral ports to serve an HTTP response to 0.0.0.0/0 origins.
upvoted 9 times
Christina666
9 months, 2 weeks ago
NACL outbound rule by default is allow all
upvoted 3 times
jipark
Most Recent 8 months, 3 weeks ago
Selected Answer: A
A. "outbound rule that allows ephemeral port return traffic" for a stateless session; outbound traffic does not designate the return traffic's port.
upvoted 2 times
Christina666
9 months, 2 weeks ago
Selected Answer: D
When you create a new network ACL and apply it to a subnet in Amazon VPC (Virtual Private Cloud), it replaces the default network ACL that is automatically created when the VPC is created. However, it's possible that another custom network ACL was previously associated with the subnet, and it might include rules that deny inbound HTTP traffic on port 80. The network ACLs act as stateless firewalls for controlling traffic in and out of subnets. By default, the default network ACL allows all inbound and outbound traffic, so when you create a new custom network ACL without any specific rules, it should allow all traffic by default. However, if there was an existing custom network ACL that has restrictive rules, it will override the new one.
upvoted 3 times
Christina666
9 months, 2 weeks ago
To resolve the issue, the SysOps administrator should check if there is an additional network ACL associated with the subnet. If so, they should modify the rules in that network ACL to allow incoming HTTP traffic on port 80.
upvoted 2 times
Christina666
9 months, 1 week ago
I vote for A after second review. Hi @examtopics team, can you modify my answer?
upvoted 2 times
rrshah83
11 months, 3 weeks ago
Selected Answer: A
NACL stateless
upvoted 4 times