
Which of the following statements are true in terms of allowing/denying traffic from/to VPC assuming the default rules are not in effect? (choose multiple)

A. In a Network ACL, for a successful HTTPS connection, add an inbound rule with HTTPS type, IP range in source and ALLOW traffic.

B. In a Network ACL, for a successful HTTPS connection, you must add an inbound rule and outbound rule with HTTPS type, IP range in source and destination respectively and ALLOW traffic.

C. In a Security Group, for a successful HTTPS connection, add an inbound rule with HTTPS type and IP range in the source.

D. In a Security Group, for a successful HTTPS connection, you must add an inbound rule and outbound rule with HTTPS type, IP range in source and destination respectively.

1 Answer


B. In a Network ACL, for a successful HTTPS connection, you must add an inbound rule and outbound rule with HTTPS type, IP range in source and destination respectively and ALLOW traffic.

C. In a Security Group, for a successful HTTPS connection, add an inbound rule with HTTPS type and IP range in the source.

Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).

Option A is not correct. A NACL must have an outbound rule defined for a successful connection due to its stateless nature.

Option B is correct.

Option C is correct. Configuring an inbound rule in a security group is enough for a successful connection due to its stateful nature.

Option D is not correct. Configuring an outbound rule for an incoming connection is not required in security groups.
...
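The stateful/stateless difference behind the answer above, as an added example that is not part of the original post: a small Python model (not AWS code) that evaluates one inbound HTTPS connection against a Network ACL and against a Security Group. The `Rule` class, function names, client address and port are constructed for illustration; the NACL outbound rule is modelled on the client's ephemeral port range (1024-65535), since that is the destination port of the reply.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    cidr: str            # remote range: source for inbound, destination for outbound
    port_from: int       # destination port range the rule covers
    port_to: int
    allow: bool = True   # NACL rules may ALLOW or DENY; security groups only allow

    def matches(self, remote_ip: str, dst_port: int) -> bool:
        in_range = ip_address(remote_ip) in ip_network(self.cidr)
        return in_range and self.port_from <= dst_port <= self.port_to

def first_match(rules, remote_ip, dst_port):
    """NACL evaluation: rules in order, first match decides, otherwise deny."""
    for rule in rules:
        if rule.matches(remote_ip, dst_port):
            return rule.allow
    return False

def nacl_https(inbound, outbound, client_ip, client_port):
    """Stateless: the request and the reply are each checked on their own."""
    request_ok = first_match(inbound, client_ip, 443)         # request: dst port 443
    reply_ok = first_match(outbound, client_ip, client_port)  # reply: dst is client port
    return request_ok and reply_ok

def sg_https(inbound, outbound, client_ip, client_port):
    """Stateful: an allowed request is tracked, so its reply skips outbound rules."""
    tracked = set()
    if any(rule.matches(client_ip, 443) for rule in inbound):
        tracked.add((client_ip, client_port, 443))
    # 'outbound' is deliberately not consulted for replies to tracked flows.
    return (client_ip, client_port, 443) in tracked

# Constructed sample data (documentation address range, arbitrary ephemeral port).
CLIENT_IP, CLIENT_PORT = "203.0.113.10", 50000
IN_443 = Rule("203.0.113.0/24", 443, 443)
OUT_EPHEMERAL = Rule("203.0.113.0/24", 1024, 65535)

if __name__ == "__main__":
    print("A: NACL, inbound only   ->", nacl_https([IN_443], [], CLIENT_IP, CLIENT_PORT))
    print("B: NACL, inbound + outbound ->",
          nacl_https([IN_443], [OUT_EPHEMERAL], CLIENT_IP, CLIENT_PORT))
    print("C: SG, inbound only     ->", sg_https([IN_443], [], CLIENT_IP, CLIENT_PORT))
```
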