
hard📝 Best Practice Q15 of 15
AWS - Security Groups and Network ACLs
You want to allow a subnet to communicate with the internet using HTTP and HTTPS. Which NACL configuration correctly supports this stateless behavior?
A. Allow all inbound and outbound traffic to simplify rules
B. Allow inbound TCP ports 80 and 443, allow outbound ephemeral ports 1024-65535
C. Allow inbound and outbound TCP ports 80 and 443 only
D. Allow inbound ephemeral ports 1024-65535, allow outbound TCP ports 80 and 443
Step-by-Step Solution
Solution:
  1. Step 1: Understand HTTP/HTTPS traffic flow

    Clients in the subnet initiate outbound connections to destination ports 80 and 443; the responses come back addressed to the client's ephemeral port (1024-65535).
  2. Step 2: Configure NACL rules for stateless behavior

    A NACL is stateless, so return traffic is not allowed automatically. Outbound rules must allow TCP ports 80 and 443; inbound rules must allow ephemeral ports for return traffic.
  3. Final Answer:

    Allow inbound ephemeral ports 1024-65535, allow outbound TCP ports 80 and 443 -> Option D
  4. Quick Check:

    Outbound to 80/443, inbound ephemeral ports for response = D [OK]
Quick Trick: Allow outbound ports 80/443 and inbound ephemeral ports for return [OK]
Common Mistakes:
  • Allowing inbound ports 80/443 instead of ephemeral ports
  • Not allowing ephemeral ports inbound, which blocks responses
  • Allowing all traffic unnecessarily
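
The four options run through a small stateless filter, as an added example that is not part of the original quiz. The rule model (allowed TCP destination-port ranges with an implicit deny) and the sample client port 49152 are assumptions made for illustration.

```python
# Added illustration: a minimal stateless filter, not AWS's implementation.
# Assumption: each rule is an allowed TCP destination-port range; anything
# unmatched falls through to an implicit deny.

OPTIONS = {
    "A": {"inbound": [(0, 65535)], "outbound": [(0, 65535)]},
    "B": {"inbound": [(80, 80), (443, 443)], "outbound": [(1024, 65535)]},
    "C": {"inbound": [(80, 80), (443, 443)], "outbound": [(80, 80), (443, 443)]},
    "D": {"inbound": [(1024, 65535)], "outbound": [(80, 80), (443, 443)]},
}

def allowed(rules, dst_port):
    """Stateless check: only this packet's destination port is examined."""
    return any(lo <= dst_port <= hi for lo, hi in rules)

def web_request_succeeds(nacl, client_port, server_port):
    """A subnet host opens client_port -> server_port and awaits the reply."""
    request_leaves = allowed(nacl["outbound"], server_port)
    # The reply is a separate packet travelling the other way, addressed to
    # the client's ephemeral port; no connection state links it to the request.
    reply_enters = allowed(nacl["inbound"], client_port)
    return request_leaves and reply_enters

def open_ports(nacl):
    """Total ports opened across both directions (a rough exposure measure)."""
    return sum(hi - lo + 1 for d in ("inbound", "outbound") for lo, hi in nacl[d])

def evaluate(client_port=49152):  # constructed sample ephemeral port
    results = {}
    for name, nacl in OPTIONS.items():
        works = all(web_request_succeeds(nacl, client_port, p) for p in (80, 443))
        results[name] = (works, open_ports(nacl))
    return results

if __name__ == "__main__":
    for name, (works, exposure) in evaluate().items():
        print(f"Option {name}: HTTP/HTTPS works={works}, ports opened={exposure}")
```

Options A and D both let the request and its reply through, but A opens every port in both directions, while B fails on the outbound request and C fails on the inbound reply.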
