Q88 — AWS SOA-C02 Ch.1
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the SysOps administrator always receives a timeout error. Which action will allow the SysOps administrator to remotely connect to the instance?
- A. Add a route table entry in the public subnet for the SysOps administrator's IP address.
- B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
- C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address. ✓
- D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.
Correct Answer: C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.
Explanation
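Problems connecting remotely to an EC2 instance are usually related to security group rules. An Amazon EC2 security group acts as a virtual firewall for the instance and denies all inbound traffic by default. To allow SSH connections (TCP port 22), a rule that allows the source IP must be explicitly added to the security group's inbound rules. Option C configures inbound traffic directly and meets the SSH access requirement. The other options, which involve outbound rules, route tables, or network ACLs, do not address the restriction on inbound traffic. See the AWS documentation on basic security group configuration requirements.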