AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

EC2 instances in a private subnet time out when using a NAT gateway in a public subnet to reach external HTTPS endpoints. Route tables and security groups are confirmed correct. The subnet's network ACL currently has only these rules: inbound ALLOW TCP 443 from 0.0.0.0/0, then DENY ALL; outbound ALLOW TCP 443 to 0.0.0.0/0, then DENY ALL. What network ACL change will restore connectivity while adhering to AWS best practices?

  • Move the NAT gateway into the same private subnet as the instances.

  • Replace the existing inbound rule with ALLOW TCP 80 from 0.0.0.0/0.

  • Add an outbound rule that allows UDP port 53 to 0.0.0.0/0.

  • Add an inbound rule that allows TCP ports 1024-65535 from the NAT gateway's CIDR to the subnet.

Networking and Content Delivery