Q2 — AWS SOA-C02 Ch.1

A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443. The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet. Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.)

Correct Answer:

A. Ensure that the inbound rules of the instance’s security group allow traffic on ports 80 and 443.

D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance’s subnet.

E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.

Explanation

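The Amazon EC2 instance is configured as a web server but cannot be reached from a browser. The security group, network ACL, and host firewall settings may all be involved.

**A**: The security group's inbound rules must allow external access on the HTTP/HTTPS ports (80/443).

**D**: The network ACL's outbound rules must allow the ephemeral ports (1024-65535) so that response traffic can return to the client.

**E**: A firewall inside the instance's operating system (such as iptables) may be blocking inbound traffic, so its rules need to be verified.

**Source**: AWS documentation on how security groups and network ACLs control traffic, and on the effect of instance-level firewall configuration.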