Hard · Application · Q8 of 15
AWS - Security Groups and Network ACLs
You have a NACL configured to allow inbound HTTP traffic on port 80. To ensure clients receive responses, which additional rule must be configured?
A. An inbound DENY rule for all other ports to block unwanted traffic
B. An outbound ALLOW rule for ephemeral ports (1024-65535) to permit return traffic
C. An outbound ALLOW rule for port 80 only
D. No additional rules are needed; inbound rules suffice
Step-by-Step Solution
  1. Step 1: Recognize stateless nature

    NACLs do not track connection state, so return traffic must be explicitly allowed.
  2. Step 2: Identify return traffic ports

    HTTP responses go back to the client's ephemeral port (1024-65535), so they leave the subnet as outbound traffic to that port range.
  3. Step 3: Configure outbound rule

    To allow return traffic, an outbound ALLOW rule for ephemeral ports is required.
  4. Final Answer:

    An outbound ALLOW rule for ephemeral ports (1024-65535) to permit return traffic -> Option B
  5. Quick Check:

    Return traffic uses ephemeral ports, so allow outbound ephemeral ports
Quick Trick: Allow outbound ephemeral ports for return traffic
Common Mistakes:
  • Only allowing outbound port 80 and ignoring ephemeral ports
  • Assuming inbound rules cover return traffic
  • Not configuring outbound rules at all
