[Solved] A developer configures a NACL to allow inbound SSH (port 22) traffic but forgets to add an outbound rule to allow return... What issue will occur when trying to SSH into an instance in this subnet? | AWS

AWS - Security Groups and Network ACLs

A developer configures a NACL to allow inbound SSH (port 22) traffic but forgets to add an outbound rule to allow return traffic. The Security Group allows inbound and outbound SSH traffic. What issue will occur when trying to SSH into an instance in this subnet?

ASSH connection will fail because NACL outbound traffic is blocked.

BSSH connection will succeed because Security Groups allow traffic.

CSSH connection will fail because Security Groups block inbound traffic.

DSSH connection will succeed because NACLs are stateful.

Step-by-Step Solution

Solution:

Step 1: Check NACL outbound rules
NACLs are stateless, so return traffic must be explicitly allowed. Missing outbound rule blocks return SSH packets.
Step 2: Check Security Group rules
Security Groups allow inbound and outbound SSH, but cannot override NACL blocking outbound return traffic.
Final Answer:
SSH connection will fail because NACL outbound traffic is blocked. -> Option A
Quick Check:
NACL stateless requires outbound allow for return traffic [OK]

Quick Trick: NACLs need both inbound and outbound rules for two-way traffic [OK]

Common Mistakes:

MISTAKES

Assuming Security Groups fix NACL outbound block
Forgetting NACLs are stateless
Thinking inbound allow is enough

Master "Security Groups and Network ACLs" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

What issue will occur when trying to SSH into an instance in this subnet?

Step 1: Check NACL outbound rules

Step 2: Check Security Group rules

Final Answer:

Quick Check:

Want More Practice?