If a Security Group allows outbound traffic on port 443 but the Network ACL denies outbound traffic on all ports, what is the effective behavior for outbound HTTPS requests?

medium📝 Predict Output Q5 of 15

AWS - Security Groups and Network ACLs

AOutbound HTTPS requests are blocked by the Network ACL

BOutbound HTTPS requests succeed because Security Group allows it

COutbound HTTPS requests succeed only if the instance is in a public subnet

DOutbound HTTPS requests are blocked by the Security Group

Step-by-Step Solution

Solution:

Step 1: Analyze Network ACL outbound rules
Network ACL denies all outbound traffic, so no outbound packets leave the subnet.
Step 2: Analyze Security Group outbound rules
Security Group allows outbound HTTPS, but cannot override subnet-level deny.
Final Answer:
Outbound HTTPS requests are blocked by the Network ACL -> Option A
Quick Check:
Subnet-level deny blocks outbound despite Security Group allow [OK]

Quick Trick: NACL deny blocks traffic even if Security Group allows [OK]

Common Mistakes:

MISTAKES

Assuming Security Group outbound rules override NACL
Confusing subnet type with traffic filtering
Ignoring stateless nature of NACLs

Master "Security Groups and Network ACLs" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More AWS Quizzes

If a Security Group allows outbound traffic on port 443 but the Network ACL denies outbound traffic on all ports, what is the effective behavior for outbound HTTPS requests?

Step 1: Analyze Network ACL outbound rules

Step 2: Analyze Security Group outbound rules

Final Answer:

Quick Check:

Want More Practice?