You want to allow inbound HTTP (port 80) and HTTPS (port 443) traffic from anywhere but deny all other inbound traffic. How should you configure the Network ACL rules?

hard📝 Best Practice Q8 of 15
AWS - Security Groups and Network ACLs
A. Add only allow rules for ports 80 and 443; no deny rules are needed.
B. Add a deny all rule first, then allow rules for ports 80 and 443.
C. Add allow rules for ports 80 and 443 with low rule numbers, then a deny all rule with a higher number.
D. Add a single allow rule for all inbound traffic, then deny rules for ports 80 and 443.
Step-by-Step Solution
Solution:
  1. Step 1: Understand rule evaluation order

    Rules are processed from the lowest rule number to the highest; the first rule that matches is applied.
  2. Step 2: Configure rules to allow HTTP/HTTPS first

    The allow rules for ports 80 and 443 must have lower rule numbers than the deny all rule.
  3. Step 3: Add deny all rule last

    A deny all rule with a higher rule number blocks all other traffic.
  4. Final Answer:

    Add allow rules for ports 80 and 443 with low rule numbers, then a deny all rule with a higher number. -> Option C
  5. Quick Check:

    Allow specific ports first, then deny all [OK]
Quick Trick: Allow specific traffic with low rule numbers, deny all last [OK]
Common Mistakes:
  • Placing the deny all rule before the allow rules
  • Not adding a deny all rule
  • Allowing all traffic unintentionally
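
The rule ordering from the solution can be checked with a small first-match evaluator. This is an added example, not part of the original quiz; the rule numbers (100, 110, 120, 200) and the test ports are constructed, and source CIDR and protocol are left out to keep the focus on ordering.

```python
# Added illustration: first-match evaluation of inbound NACL rules.
# A rule is (rule_number, port, action); port None means "all ports".
# Rule numbers below are constructed sample values.

def evaluate(rules, port):
    """Return the action of the lowest-numbered rule that matches the port."""
    for _number, rule_port, action in sorted(rules, key=lambda r: r[0]):
        if rule_port is None or rule_port == port:
            return action
    # No numbered rule matched: the NACL's final "*" rule denies the packet.
    return "deny"

def shadowed(rules):
    """Rule numbers that can never match because an earlier rule covers them."""
    seen_ports, catch_all, dead = set(), False, []
    for number, port, _action in sorted(rules, key=lambda r: r[0]):
        if catch_all or port in seen_ports:
            dead.append(number)          # an earlier rule always wins
        elif port is None:
            catch_all = True             # everything after this is unreachable
        else:
            seen_ports.add(port)
    return dead

def decisions(rules, ports=(22, 80, 443, 3306)):
    """Map each test port to the action the rule set produces for it."""
    return {port: evaluate(rules, port) for port in ports}

# Option B: deny all first, then the allow rules.
OPTION_B = [(100, None, "deny"), (110, 80, "allow"), (120, 443, "allow")]
# Option C: allow rules with low numbers, deny all with a higher number.
OPTION_C = [(100, 80, "allow"), (110, 443, "allow"), (200, None, "deny")]
# Option D: allow all first, then deny rules for 80 and 443.
OPTION_D = [(100, None, "allow"), (110, 80, "deny"), (120, 443, "deny")]

if __name__ == "__main__":
    for name, rules in (("B", OPTION_B), ("C", OPTION_C), ("D", OPTION_D)):
        print(name, decisions(rules), "unreachable rules:", shadowed(rules))
```

A non-empty result from `shadowed` is a useful review signal: it means a rule in the list has no effect, as with the allow rules in option B and the deny rules in option D.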
