
A NACL has inbound ALLOW rule for TCP port 22 and outbound DENY rule for all traffic. What is the effect on SSH sessions?

medium📝 Debug Q6 of 15
AWS - Security Groups and Network ACLs
A. SSH connections fail because outbound traffic is denied.
B. SSH connections succeed because inbound is allowed.
C. SSH connections succeed if security groups allow outbound.
D. SSH connections fail because inbound rule is DENY.
Step-by-Step Solution
Solution:
  1. Step 1: Analyze inbound rule

    Inbound TCP port 22 is allowed, so initial SSH requests can reach the instance.
  2. Step 2: Analyze outbound rule

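    NACLs are stateless, so the instance's replies are evaluated against the outbound rules. The outbound DENY on all traffic blocks return SSH traffic, breaking the session.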
  3. Final Answer:

    SSH connections fail because outbound traffic is denied. -> Option A
  4. Quick Check:

    Outbound DENY blocks return traffic = SSH fails [OK]
Quick Trick: Outbound DENY blocks return traffic, breaking sessions [OK]
Common Mistakes:
  • Ignoring outbound DENY effect
  • Assuming inbound ALLOW is enough
  • Confusing security group with NACL rules
