Exam AWS Certified Solutions Architect - Professional topic 1 question 556 discussion

A company has an Amazon VPC that is divided into a public subnet and a private subnet. A web application runs in Amazon VPC, and each subnet has its own NACL. The public subnet has a CIDR of 10.0.0.0/24. An Application Load Balancer is deployed to the public subnet. The private subnet has a CIDR of 10.0.1.0/24. Amazon EC2 instances that run a web server on port 80 are launched into the private subnet.

Only network traffic that is required for the Application Load Balancer to access the web application can be allowed to travel between the public and private subnets.

What collection of rules should be written to ensure that the private subnet's NACL meets the requirement? (Choose two.)

  • A. An inbound rule for port 80 from source 0.0.0.0/0.
  • B. An inbound rule for port 80 from source 10.0.0.0/24.
  • C. An outbound rule for port 80 to destination 0.0.0.0/0.
  • D. An outbound rule for port 80 to destination 10.0.0.0/24.
  • E. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24.
Suggested Answer: BE

Comments

Riho
Highly Voted 3 years, 5 months ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-nacl - Right answer should be B,E
upvoted 13 times
...
SureNot
Most Recent 2 years, 6 months ago
Selected Answer: BE
BE - SOURCE port is random and unique for each connection from ALB. SG automatically allows return traffic but not NACL.
upvoted 2 times
...
alxjandroleiva
2 years, 7 months ago
Selected Answer: BD
BD, Why not?
upvoted 2 times
Aum
2 years, 7 months ago
BE.. can't be D because NACL is stateless
upvoted 1 times
...
...
Dionenonly
2 years, 8 months ago
Selected Answer: BE
B E would be the best answer
upvoted 2 times
...
CloudHandsOn
2 years, 10 months ago
B.E. - First choice, and believe this is the correct answer
upvoted 2 times
...
aandc
2 years, 11 months ago
Selected Answer: BE
ephemeral ports are needed
upvoted 2 times
...
JonJon03
2 years, 11 months ago
Selected Answer: BD
ALB terminates flow/has proxy behaviour. https://aws.amazon.com/elasticloadbalancing/features/?nc=sn&loc=2&dn=1
upvoted 2 times
...
bobsmith2000
3 years ago
NACL is stateless. So we must set up both inbound and outbound. B. An inbound rule for port 80 from source 10.0.0.0/24. Allows access from pub sub on 80. E. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24. Allow outbound to pub sub on ephemeral ports
upvoted 4 times
...
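The stateless evaluation discussed in this thread, modelled as an added example (not part of the original discussion and not AWS code): it checks the request and the response packet independently against the private subnet's NACL for options A, B, D and E. The `Rule` class, the helper functions, the rule number 100 and the sample addresses and source port are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int     # entries are evaluated in ascending rule-number order
    direction: str  # "in" or "out", relative to the private subnet
    cidr: str       # source CIDR for "in", destination CIDR for "out"
    port_lo: int    # destination port range the entry matches
    port_hi: int
    allow: bool = True

def nacl_allows(rules, direction, peer_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    peer = ipaddress.ip_address(peer_ip)
    for r in sorted(rules, key=lambda r: r.number):
        if (r.direction == direction
                and peer in ipaddress.ip_network(r.cidr)
                and r.port_lo <= dst_port <= r.port_hi):
            return r.allow
    return False

def alb_request_succeeds(rules, alb_ip, alb_src_port):
    """Both packets must pass on their own: a NACL keeps no connection state."""
    request = nacl_allows(rules, "in", alb_ip, 80)              # ALB:ephemeral -> web:80
    response = nacl_allows(rules, "out", alb_ip, alb_src_port)  # web:80 -> ALB:ephemeral
    return request and response

PUBLIC = "10.0.0.0/24"
A = Rule(100, "in", "0.0.0.0/0", 80, 80)
B = Rule(100, "in", PUBLIC, 80, 80)
D = Rule(100, "out", PUBLIC, 80, 80)
E = Rule(100, "out", PUBLIC, 1024, 65535)

# Constructed sample values: an ALB node address, the ephemeral source port it
# picked for one connection, and an address outside the VPC.
ALB_IP, ALB_SRC_PORT, OUTSIDE_IP = "10.0.0.25", 49152, "203.0.113.7"

if __name__ == "__main__":
    print("B+E request/response:", alb_request_succeeds([B, E], ALB_IP, ALB_SRC_PORT))
    print("B+D request/response:", alb_request_succeeds([B, D], ALB_IP, ALB_SRC_PORT))
    print("A admits outside source:", nacl_allows([A, E], "in", OUTSIDE_IP, 80))
    print("B admits outside source:", nacl_allows([B, E], "in", OUTSIDE_IP, 80))
```

With B+D the request is admitted but the response to the ALB's ephemeral port is dropped; with A instead of B, port 80 is reachable from sources other than the public subnet.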
adsdadasdad
3 years, 2 months ago
It's not, you made the mistake of thinking the application load balancer is an internal one. Thus the answer is correct
upvoted 1 times
...