Prev Question
Next Question

An instance is launched into a VPC subnet with the network ACL configured to allow all
inbound traffic and deny all outbound traffic. The instance’s security group is configured to
allow SSH from any IP address and deny all outbound traffic. What changes need to be made
to allow SSH access to the instance?

A.
The outbound security group needs to be modified to allow outbound traffic.

B.
The outbound network ACL needs to be modified to allow outbound traffic.

C.
Nothing, it can be accessed from any IP address using SSH.

D.
Both the outbound security group and outbound network ACL need to be modified to allow
outbound traffic.

Explanation:
Need to open TCP Port 1024-65535 at Outbound Rules
“Allows outbound responses to the remote computer. Network ACLs are stateless, therefore
this rule is required to allow response traffic for inbound requests.”
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *