Exam AWS Certified SysOps Administrator - Associate topic 1 question 384 discussion

A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC.

What is causing the issue in this scenario?

  • A. There is a network ACL on the private subnet set to deny all outbound traffic.
  • B. There is no NAT gateway deployed in the private subnet of the VPC.
  • C. The default security group for the VPC blocks all inbound traffic to the EC2 instances.
  • D. The default security group for the VPC blocks all outbound traffic from the EC2 instances.
Suggested Answer: A

Comments

shinejh0528
1 week, 2 days ago
Selected Answer: C
No. It's C. In this scenario, there are 2 cases. 1. When accessing from outside: Blocked by default security group 2. When taking from inside: Default security group did not succeed. There is Ado Since 2 does not correspond to anything, it should be considered as 1 only, so C is appropriate. I understood that using the custom network ACL meant that the firewall was allowed. And the default security group originally had no settings. So I had to allow inbound in the security group. So I chose C. Even if the custom network ACL is incorrect and is reset, access is not possible if the security group does not allow it.
upvoted 1 times
...
Student013657
3 months, 3 weeks ago
Selected Answer: A
Agree with LudiVoss
upvoted 1 times
...
LudiVoss
8 months, 3 weeks ago
Selected Answer: A
It is A, default security groups don't block anything so it can only be in ACL.
upvoted 4 times
...
WinAndWin
9 months ago
Selected Answer: A
A is the best one.
upvoted 3 times
...
LemonGremlin
9 months ago
Selected Answer: A
There is a network ACL on the private subnet set to deny all outbound traffic. Network ACLs (Access Control Lists) are stateless and operate at the subnet level. If there is a network ACL on the private subnet that is configured to deny all outbound traffic, it would prevent instances in the private subnet from accessing the internet through the NAT gateway.
upvoted 4 times
...
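Added example, not part of any comment above or of the exam material: a small model of how a stateless network ACL is evaluated for one outbound HTTPS connection from the private subnet, generalised to also check the return traffic. The helper names (`rule`, `evaluate`, `outbound_https_works`) and the three sample ACLs are constructed for illustration; only the entry field names follow the `describe-network-acls` output.

```python
import ipaddress

def rule(num, egress, action, proto="-1", ports=None, cidr="0.0.0.0/0"):
    """Build one entry with the field names used by describe-network-acls."""
    entry = {"RuleNumber": num, "Egress": egress, "RuleAction": action,
             "Protocol": proto, "CidrBlock": cidr}
    if ports:
        entry["PortRange"] = {"From": ports[0], "To": ports[1]}
    return entry

# The implicit "*" rule shows up as rule 32767 (deny) in each direction.
IMPLICIT = [rule(32767, True, "deny"), rule(32767, False, "deny")]

# Constructed sample NACLs for the private subnet (not taken from the question).
DENY_ALL_OUT = [rule(100, False, "allow"), rule(100, True, "deny")] + IMPLICIT
NO_EPHEMERAL_IN = [rule(100, True, "allow", "6", (443, 443)),
                   rule(100, False, "allow", "6", (443, 443))] + IMPLICIT
FIXED = [rule(100, True, "allow", "6", (443, 443)),
         rule(100, False, "allow", "6", (1024, 65535))] + IMPLICIT

def evaluate(entries, egress, remote_ip, dst_port, proto="6"):
    """First matching rule wins, lowest rule number first."""
    candidates = sorted((e for e in entries if e["Egress"] == egress),
                        key=lambda e: e["RuleNumber"])
    for e in candidates:
        if e["Protocol"] not in ("-1", proto):
            continue
        if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        ports = e.get("PortRange")
        if ports and not ports["From"] <= dst_port <= ports["To"]:
            continue
        return e["RuleAction"], e["RuleNumber"]
    return "deny", None  # no rule matched at all

def outbound_https_works(entries, remote_ip="203.0.113.10", client_port=50000):
    """Stateless check: the request must pass egress AND the reply must pass ingress."""
    out = evaluate(entries, True, remote_ip, 443)            # instance -> internet:443
    back = evaluate(entries, False, remote_ip, client_port)  # reply -> ephemeral port
    return out[0] == "allow" and back[0] == "allow", out, back

if __name__ == "__main__":
    for name in ("DENY_ALL_OUT", "NO_EPHEMERAL_IN", "FIXED"):
        print(name, outbound_https_works(globals()[name]))
```

The second sample shows why statelessness matters when troubleshooting: the egress rule allows the request, but the reply to the instance's ephemeral port falls through to the implicit deny.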