[Solved] Consider a NACL with the following rules:Inbound Rule 100: ALLOW TCP port 80Outbound Rule 100:... | AWS

AWS - Security Groups and Network ACLs

Consider a NACL with the following rules:
Inbound Rule 100: ALLOW TCP port 80
Outbound Rule 100: DENY all traffic
What will happen when an instance in the subnet tries to send a response to an HTTP request?

AThe response will be allowed because inbound is allowed

BThe response will be allowed because NACLs are stateful

CThe response will be blocked because outbound is denied

DThe response will be blocked because inbound denies it

Step-by-Step Solution

Solution:

Step 1: Analyze inbound rule
Inbound HTTP traffic on port 80 is allowed, so requests can reach the instance.
Step 2: Analyze outbound rule
Outbound rule denies all traffic, so responses from the instance are blocked.
Final Answer:
The response will be blocked because outbound is denied -> Option C
Quick Check:
Outbound DENY blocks response despite inbound ALLOW = B [OK]

Quick Trick: Both inbound and outbound must allow traffic for two-way flow [OK]

Common Mistakes:

MISTAKES

Assuming NACLs are stateful and allow return traffic automatically
Ignoring outbound rules when troubleshooting
Confusing inbound and outbound directions

Master "Security Groups and Network ACLs" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

Consider a NACL with the following rules:

Step 1: Analyze inbound rule

Step 2: Analyze outbound rule

Final Answer:

Quick Check:

Want More Practice?