Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 518 discussion

A company is running an application on Amazon EC2 instances hosted in a private subnet of a VPC. The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB). The EC2 instances use a NAT gateway for outbound internet access. However, the EC2 instances are not able to connect to the public internet to download software updates.
What are the possible root causes of this issue? (Choose two.)

  • A. The ELB is not configured with a proper health check.
  • B. The route tables in the VPC are configured incorrectly.
  • C. The EC2 instances are not associated with an Elastic IP address.
  • D. The security group attached to the NAT gateway is configured incorrectly.
  • E. The outbound rules on the security group attached to the EC2 instances are configured incorrectly.
Suggested Answer: BE

Comments

azure_kai
Highly Voted 3 years, 4 months ago
Selected Answer: BE
NAT Gateway doesn't associate with a security group
upvoted 12 times
Alcpt
3 years, 4 months ago
BE https://www.youtube.com/watch?v=Yl81_rXbbgA
upvoted 2 times
FF11
Highly Voted 3 years, 4 months ago
Selected Answer: BE
B&E are correct. https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-no-internet-connection
upvoted 5 times
BECAUSE
Most Recent 1 year, 11 months ago
Selected Answer: BE
B and E are the answers
upvoted 1 times
rude7
2 years, 8 months ago
Selected Answer: BE
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
upvoted 1 times
LimeCake
2 years, 9 months ago
Selected Answer: AB
A&B. If the health check failed, then the ELB would not send traffic to the instance. And the security group allows all outbound traffic by default, so no need to check. 'E' can be the answer if some outbound rule modification was added by the user.
upvoted 1 times
cloud_collector
2 years, 9 months ago
Selected Answer: BE
D is NOT correct. You cannot associate a security group with a NAT gateway. You can associate security groups with your instances to control inbound and outbound traffic. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
upvoted 1 times
Ronie
3 years ago
Selected Answer: BE
A - Incorrect - not relevant
B - Correct
C - Incorrect - Elastic IP not required to go out
D - Incorrect - No security group on NAT GW, just the NACLs on the NAT GW subnet
E - Correct - Although outbound SG rules are open by default, if they are updated and not configured correctly, there will be an issue
upvoted 2 times
Karthikeyan_nick
3 years, 1 month ago
B & C are correct.
A: Irrelevant
D: Gateway doesn't associate with a security group.
E: By default, security group has allow outbound rule.
upvoted 1 times
Karthikeyan_nick
3 years, 1 month ago
Refer: https://aws.amazon.com/premiumsupport/knowledge-center/nat-gateway-vpc-private-subnet/
upvoted 1 times
downlinkvip
3 years, 4 months ago
I think A, B E is incorrect. By default, security group has allow outbound rule.
upvoted 2 times
drimdrim2002
3 years, 2 months ago
If there is a rule denying o/b?
upvoted 1 times
osel
3 years, 3 months ago
ELB Healthcheck will only affect ASG to properly auto-scale, not for PrivateSubnet EC2 to forward traffic to NAT GW
upvoted 1 times
Spacer
3 years, 4 months ago
B,C in my mind.
upvoted 2 times
osel
3 years, 3 months ago
EC2 are PrivateSubnet instances- why need public EIP?
upvoted 2 times
DRSBBSR
3 years, 4 months ago
should be A, B
upvoted 2 times
misiekg123
3 years, 4 months ago
Why healthcheck? B&D sounds reasonable.
upvoted 2 times
misiekg123
3 years, 4 months ago
Sry, meant B&E
upvoted 1 times
daddycool
3 years, 4 months ago
How can it be E, a security group allows all OUTBOUND traffic by default so why would we have to think about the "Outbound rules" being configured incorrectly?
upvoted 3 times
rude7
2 years, 8 months ago
When you first create a security group, it has an outbound rule that allows all outbound traffic from the resource. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound rules, no outbound traffic is allowed. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
upvoted 1 times
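
The two causes in the suggested answer (B, route tables; E, the instances' outbound security group rules) can be checked mechanically. The following is an added example, not part of any comment above: it runs over constructed records shaped like boto3 `describe_route_tables` and `describe_security_groups` output, and assumes the software updates are fetched over TCP 80/443. Network ACLs are not covered.

```python
# Added example: offline check for causes B and E. The dicts mirror the shape of
# boto3 EC2 describe_route_tables / describe_security_groups output; all IDs
# and records below are constructed sample data.

def default_route_target(route_table):
    """Target of the active 0.0.0.0/0 route, or None (missing or blackhole)."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State") == "active"):
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def egress_allows(sg, port):
    """True if an outbound rule permits TCP `port` to 0.0.0.0/0."""
    for perm in sg.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        covers = proto == "-1" or (
            proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
        if covers and any(r.get("CidrIp") == "0.0.0.0/0"
                          for r in perm.get("IpRanges", [])):
            return True
    return False

def diagnose(private_rt, nat_subnet_rt, instance_sg):
    """Return findings keyed to answer options B and E."""
    findings = []
    if not (default_route_target(private_rt) or "").startswith("nat-"):
        findings.append("B: private subnet lacks an active default route to a NAT gateway")
    if not (default_route_target(nat_subnet_rt) or "").startswith("igw-"):
        findings.append("B: NAT gateway subnet lacks a default route to an internet gateway")
    for port in (80, 443):
        if not egress_allows(instance_sg, port):
            findings.append(f"E: instance security group blocks outbound TCP {port}")
    return findings

# Constructed case: the route still names a deleted NAT gateway (blackhole),
# and the outbound rules were narrowed to HTTPS only.
PRIVATE_RT = {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                          "NatGatewayId": "nat-0example", "State": "blackhole"}]}
NAT_SUBNET_RT = {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                             "GatewayId": "igw-0example", "State": "active"}]}
INSTANCE_SG = {"IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443,
               "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for finding in diagnose(PRIVATE_RT, NAT_SUBNET_RT, INSTANCE_SG):
        print(finding)
```

A security group with its outbound rules removed yields both E findings, and the default allow-all rule (`IpProtocol` of `-1`) yields none.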