
Inbound and outbound rules in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
service_behavior
intermediate
Understanding Security Group Inbound Rules

You have a security group with the following inbound rule:

Type: SSH
Protocol: TCP
Port Range: 22
Source: 0.0.0.0/0

What is the effect of this rule?

A. Blocks SSH access from all IP addresses to instances associated with this security group.
B. Allows SSH access only from within the same VPC.
C. Allows SSH access only from a specific IP address.
D. Allows SSH access from any IP address to instances associated with this security group.

💡 Hint

Think about what 0.0.0.0/0 means in networking.

Architecture
intermediate
Outbound Rules for Internet Access

You want your EC2 instances in a private subnet to access the internet for software updates. Which outbound rule should you add to the security group?

A. Allow all outbound traffic (All protocols, All ports, Destination 0.0.0.0/0).
B. Allow inbound HTTP traffic from 0.0.0.0/0.
C. Allow inbound traffic on port 80 from the internet.
D. Allow outbound traffic only on port 22 to 0.0.0.0/0.

💡 Hint

Think about what outbound rules control and what is needed for internet access.

security
advanced
Restricting Inbound Access to a Specific IP

You want to allow HTTP access (port 80) only from your office IP 203.0.113.5. Which inbound rule configuration is correct?

A. Type: HTTP, Protocol: TCP, Port Range: 80, Source: 203.0.113.5/32
B. Type: HTTP, Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
C. Type: HTTP, Protocol: TCP, Port Range: 80, Source: 203.0.113.0/24
D. Type: HTTP, Protocol: UDP, Port Range: 80, Source: 203.0.113.5/32

💡 Hint

Consider the CIDR notation for a single IP and the correct protocol for HTTP.

Best Practice
advanced
Best Practice for Outbound Rules in Security Groups

Which of the following is the best practice for configuring outbound rules in AWS security groups?

A. Deny all outbound traffic by default and open ports as needed.
B. Allow all outbound traffic by default unless there is a specific reason to restrict it.
C. Allow outbound traffic only on port 22 for SSH.
D. Allow outbound traffic only on port 80 for HTTP.

💡 Hint

Think about ease of management and common AWS defaults.

🧠 Conceptual
expert
Effect of Missing Outbound Rules

If a security group has inbound rules allowing HTTP (port 80) from anywhere but has no outbound rules configured, what will happen when an instance receives an HTTP request?

A. The instance will send a response but cannot receive further requests.
B. The instance will block the incoming HTTP request due to missing outbound rules.
C. The instance will receive and respond to the request normally.
D. The instance will receive the request but cannot send a response back, causing the connection to fail.

💡 Hint

Remember how security groups handle stateful traffic.

Practice

1. What do inbound rules in a security group control in AWS?
easy
A. Both incoming and outgoing traffic
B. Outgoing traffic from your resources
C. Incoming traffic to your resources
D. Traffic between AWS regions

Solution

  1. Step 1: Understand inbound rules purpose

    Inbound rules specify what incoming network traffic is allowed to reach your AWS resources.
  2. Step 2: Differentiate inbound from outbound

    Outbound rules control outgoing traffic, so inbound rules only affect incoming connections.
  3. Final Answer:

    Incoming traffic to your resources -> Option C
  4. Quick Check:

    Inbound = Incoming traffic [OK]
Hint: Inbound means incoming traffic allowed [OK]
Common Mistakes:
  • Confusing inbound with outbound rules
  • Thinking inbound controls outgoing traffic
  • Assuming inbound controls both directions
2. Which of the following is the correct way to allow HTTP traffic inbound on port 80 in an AWS security group?
easy
A. Allow TCP traffic on port 80 inbound
B. Allow TCP traffic on port 22 inbound
C. Allow UDP traffic on port 80 outbound
D. Allow ICMP traffic inbound

Solution

  1. Step 1: Identify HTTP port and protocol

    HTTP uses TCP protocol on port 80.
  2. Step 2: Match rule to allow inbound HTTP

    Allowing TCP traffic on port 80 inbound correctly permits HTTP requests.
  3. Final Answer:

    Allow TCP traffic on port 80 inbound -> Option A
  4. Quick Check:

    HTTP = TCP port 80 inbound [OK]
Hint: HTTP uses TCP port 80 inbound [OK]
Common Mistakes:
  • Using wrong port number for HTTP
  • Allowing outbound instead of inbound
  • Using UDP instead of TCP for HTTP
3. Given this security group outbound rule: Allow all traffic (all protocols) to 0.0.0.0/0, what is the effect?
medium
A. Allows outbound traffic only on port 443
B. Blocks all outbound traffic
C. Allows inbound traffic from any IP
D. Allows all outbound traffic to any IP

Solution

  1. Step 1: Analyze the outbound rule details

    The rule allows all protocols and all ports outbound to any IP address (0.0.0.0/0 means anywhere).
  2. Step 2: Understand outbound traffic effect

    This means any outbound traffic from the resource is allowed to any destination.
  3. Final Answer:

    Allows all outbound traffic to any IP -> Option D
  4. Quick Check:

    Outbound all traffic to 0.0.0.0/0 = Allow all outbound [OK]
Hint: 0.0.0.0/0 means anywhere, all protocols means all traffic [OK]
Common Mistakes:
  • Confusing inbound and outbound rules
  • Thinking it blocks traffic
  • Assuming it restricts ports
4. You created an inbound rule allowing TCP port 22 from 0.0.0.0/0 but cannot SSH into your EC2 instance. What is a likely cause?
medium
A. Security group is not attached to the instance
B. Inbound rule uses UDP instead of TCP
C. Port 22 is closed on the instance's OS firewall
D. Outbound rules block all traffic

Solution

  1. Step 1: Check security group attachment

    Even if rules are correct, if the security group is not attached to the instance, rules won't apply.
  2. Step 2: Consider other causes

    Outbound rules usually allow return traffic by default; OS firewall or protocol mismatch would cause different symptoms.
  3. Final Answer:

    Security group is not attached to the instance -> Option A
  4. Quick Check:

    Security group must be attached to instance [OK]
Hint: Check if security group is attached to instance [OK]
Common Mistakes:
  • Ignoring security group attachment
  • Assuming outbound rules block SSH
  • Not checking OS firewall settings
5. You want to allow your web server to receive HTTP requests from anywhere but restrict outbound traffic to only HTTPS (port 443). Which inbound and outbound rules should you configure?
hard
A. Inbound: Allow UDP port 80 from 0.0.0.0/0; Outbound: Allow TCP port 443 to 0.0.0.0/0
B. Inbound: Allow TCP port 80 from 0.0.0.0/0; Outbound: Allow TCP port 443 to 0.0.0.0/0
C. Inbound: Allow TCP port 443 from 0.0.0.0/0; Outbound: Allow TCP port 80 to 0.0.0.0/0
D. Inbound: Allow TCP port 80 from 192.168.0.0/24; Outbound: Allow all traffic to 0.0.0.0/0

Solution

  1. Step 1: Set inbound rule for HTTP

    Allow TCP port 80 inbound from anywhere (0.0.0.0/0) to receive HTTP requests.
  2. Step 2: Set outbound rule for HTTPS only

    Allow TCP port 443 outbound to anywhere to restrict outgoing traffic to HTTPS.
  3. Final Answer:

    Inbound: Allow TCP port 80 from 0.0.0.0/0; Outbound: Allow TCP port 443 to 0.0.0.0/0 -> Option B
  4. Quick Check:

    Inbound HTTP, outbound HTTPS only [OK]
Hint: Inbound HTTP port 80, outbound HTTPS port 443 [OK]
Common Mistakes:
  • Mixing up inbound and outbound ports
  • Using UDP instead of TCP for HTTP
  • Restricting inbound to private IPs only
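
The rule matching and stateful behaviour these problems rely on, as an added example that is not part of the original page: a simplified Python model of how a security group evaluates new connections and replies. The `Rule` and `SecurityGroup` classes, the `demo` function and the sample addresses are constructed for illustration; real AWS connection tracking has more cases than this model covers.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str       # source for inbound rules, destination for outbound rules

    def matches(self, protocol, port, peer_ip):
        proto_ok = self.protocol == "-1" or (
            self.protocol == protocol and self.from_port <= port <= self.to_port)
        return proto_ok and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)

@dataclass
class SecurityGroup:
    inbound: list
    outbound: list
    tracked: set = field(default_factory=set)  # simplified connection tracking

    def new_connection(self, direction, protocol, port, peer_ip):
        """Allow-only rules: a new flow passes if any rule matches, else it is dropped."""
        rules = self.inbound if direction == "in" else self.outbound
        allowed = any(r.matches(protocol, port, peer_ip) for r in rules)
        if allowed:
            self.tracked.add((direction, protocol, port, peer_ip))
        return allowed

    def reply(self, direction, protocol, port, peer_ip):
        """Reply on an allowed flow: passes without consulting the opposite rule list."""
        return (direction, protocol, port, peer_ip) in self.tracked

# Constructed sample groups: problem 5's web server, and an office-only HTTP rule.
web_sg = SecurityGroup([Rule("tcp", 80, 80, "0.0.0.0/0")], [Rule("tcp", 443, 443, "0.0.0.0/0")])
office_sg = SecurityGroup([Rule("tcp", 80, 80, "203.0.113.5/32")], [])

def demo():
    client = "198.51.100.7"  # constructed documentation address
    return {
        "http_request_in": web_sg.new_connection("in", "tcp", 80, client),
        "http_reply_out": web_sg.reply("in", "tcp", 80, client),
        "new_outbound_http": web_sg.new_connection("out", "tcp", 80, client),
        "new_outbound_https": web_sg.new_connection("out", "tcp", 443, client),
        "office_ip_in": office_sg.new_connection("in", "tcp", 80, "203.0.113.5"),
        "neighbour_ip_in": office_sg.new_connection("in", "tcp", 80, "203.0.113.6"),
        "reply_without_egress_rules": office_sg.reply("in", "tcp", 80, "203.0.113.5"),
    }
if __name__ == "__main__": print(demo())
```

The `/32` source admits only the single office address, and replies to admitted inbound requests go out even when no outbound rule covers them, while a new outbound connection on port 80 is dropped.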