ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 432 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 432
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443.

The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet.

Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.)

  • A. Ensure that the inbound rules of the instance’s security group allow traffic on ports 80 and 443.
  • B. Ensure that the outbound rules of the instance’s security group allow traffic on ports 80 and 443.
  • C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance's subnet.
  • D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance’s subnet.
  • E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.
  • F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.
Show Suggested Answer Hide Answer
Suggested Answer: ADE 🗳️
by gamebase at March 20, 2024, 1:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gamebase
Highly Voted 7 months, 1 week ago
Selected Answer: ADE
A. Missing port 80 en 443 for inbound traffic on the security group could cause blocked traffic D. Missing ephemeral ports for outbound traffic on the subnet network ACL could cause blocked return traffic from the webserver to the user E. The EC2 instance can run it's own firewall in the OS, this could cause blocked traffic Why not B? Outbound traffic on ports 80 and 443 work, the question mentions that downloading OS updates worked. Why not C? Ephemeral ports are needed outbound in this case, not inbound. It's for return traffic from the webserver to the user, so outbound. Why not F? You don't need a WAF in this case, so this options seems nonsense for me.
upvoted 10 times
tgv
6 months, 1 week ago
Totally agree with you!
upvoted 1 times
...
...
klayytech
Most Recent 7 months, 1 week ago
Selected Answer: ADE
Why not B? Outbound traffic on ports 80 and 443 work, the question mentions that downloading OS updates worked. Why not C? Ephemeral ports are needed outbound in this case, not inbound. It's for return traffic from the webserver to the user, so outbound. Why not F? You don't need a WAF in this case, so this options seems nonsense for me.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago