AWS - Security Groups and Network ACLs
An instance has a security group allowing outbound traffic on port 53 (DNS). What happens when the instance sends a DNS query?
An instance has a security group allowing outbound traffic on port 53 (DNS). What happens when the instance sends a DNS query?
medium📝 Predict Output Q5 of 15
Step-by-Step Solution
Solution:
Step 1: Identify outbound rule effect
Outbound port 53 is allowed, so DNS queries can be sent out.Step 2: Apply stateful behavior for inbound response
Return inbound traffic for the query response is allowed automatically.Final Answer:
Response inbound traffic is allowed automatically due to stateful behavior -> Option AQuick Check:
Outbound allowed = return inbound auto-allowed [OK]
Quick Trick: Outbound allowed means return inbound traffic auto-allowed [OK]
Common Mistakes:
MISTAKES- Requiring inbound port 53 open for response
- Confusing inbound and outbound rules
- Thinking ephemeral ports must be opened manually
Master "Security Groups and Network ACLs" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes