medium📝 Debug Q6 of 15
AWS - Security Groups and Network ACLs
You created a security group allowing inbound TCP on port 3306 but forgot to add outbound rules. Why can your database client still connect to the database instance?
A. Because security groups are stateful and allow return traffic automatically
B. Because outbound rules default to allow all traffic
C. Because the client uses UDP, not TCP
D. Because the instance has a public IP
Step-by-Step Solution
Solution:
  1. Step 1: Recall stateful nature of security groups

    When an inbound rule allows a connection, the return outbound traffic for that connection is allowed automatically.
  2. Step 2: Understand default outbound rules

    Even if outbound rules are missing, stateful behavior allows return traffic.
  3. Final Answer:

    Security groups are stateful and allow return traffic automatically -> Option A
  4. Quick Check:

    Stateful = return traffic auto-allowed [OK]
Quick Trick: Stateful means no outbound rule needed for return traffic [OK]
Common Mistakes:
  • Assuming outbound rules default to allow all
  • Confusing TCP and UDP protocols
  • Thinking public IP affects security group behavior
