Topic 1 Question 253
Select two.
A security engineer has been asked to troubleshoot inbound connectivity to a web server. This single web server is not receiving inbound connections from the internet, whereas all other web servers are functioning properly.
The architecture includes network ACLs, security groups, and a virtual security appliance. In addition, the development team has implemented Application Load Balancers (ALBs) to distribute the load across all web servers. It is a requirement that traffic between the web servers and the internet flow through the virtual security appliance.
The security engineer has verified the following:
- The rule set in the security groups is correct.
- The rule set in the network ACLs is correct.
- The rule set in the virtual appliance is correct.
Which of the following are other valid items to troubleshoot in this scenario?
A. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to a NAT gateway.
B. Verify which security group is applied to the particular web server’s elastic network interface (ENI).
C. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance.
D. Verify the registered targets in the ALB.
E. Verify that the 0.0.0.0/0 route in the public subnet points to a NAT gateway.
Comments (4)
- Selected answer: BD
B and D
👍 4 jdx000 2024/11/28
- Selected answer: CD
C. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance. Since the architecture specifies that traffic between the web servers and the internet must flow through a virtual security appliance, the route table for the web server subnet should direct traffic to this appliance. If the route is incorrect or missing, traffic will not be properly forwarded to the appliance and will be blocked, causing the web server to be unreachable.
D. Verify the registered targets in the ALB. Even though the security groups, network ACLs, and virtual appliance configurations are correct, it's important to verify that the Application Load Balancer (ALB) correctly registers the target web server. If the target (your web server) is not registered or is in an unhealthy state, the ALB will not forward traffic to it, causing the web server to not receive incoming connections.
👍 2 HappyG 2024/11/30
- Selected answer: CD
The most likely causes for the inbound connectivity issue to the web server are related to routing and security group configurations.
Here are the two most valid items to troubleshoot:
C. Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance.
This ensures that traffic destined for the web server is routed correctly through the security appliance.
D. Verify the registered targets in the ALB.
If the web server is not registered as a target in the ALB, it will not receive any traffic from the internet.
👍 1 IPLogic 2024/12/05
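The checks named in options B, C and D and discussed in the comments above, as an added example that is not part of the original page: it runs offline over dicts shaped like boto3 `describe_route_tables`, `describe_network_interfaces` and `describe_target_health` responses. All IDs are constructed, and it assumes the appliance is a route target by ENI and that ALB targets are registered by instance ID.

```python
# Added example. Inputs are dicts shaped like boto3 responses; every ID is constructed.
TARGET_KEYS = ("NetworkInterfaceId", "InstanceId", "NatGatewayId", "GatewayId", "TransitGatewayId")
def default_route_target(route_tables, subnet_id):
    """(key, id) of the active 0.0.0.0/0 target that applies to subnet_id, else None."""
    explicit = [t for t in route_tables
                if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    main = [t for t in route_tables
            if any(a.get("Main") for a in t.get("Associations", []))]
    for table in explicit or main:  # no explicit association: the main table applies
        for r in table.get("Routes", []):
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
                return next(((k, r[k]) for k in TARGET_KEYS if r.get(k)), None)
    return None

def troubleshoot(instance_id, subnet_id, appliance_eni, expected_sgs,
                 route_tables, enis, target_health):
    """Return a list of findings for one web server; empty means all three checks passed."""
    findings = []
    target = default_route_target(route_tables, subnet_id)
    if target != ("NetworkInterfaceId", appliance_eni):  # assumption: appliance routed by ENI
        findings.append(f"route: 0.0.0.0/0 for {subnet_id} is {target}, not {appliance_eni}")
    for eni in enis:
        if eni.get("Attachment", {}).get("InstanceId") == instance_id:
            attached = {g["GroupId"] for g in eni.get("Groups", [])}
            if attached != set(expected_sgs):
                findings.append(f"sg: {eni['NetworkInterfaceId']} has {sorted(attached)}")
    states = {d["Target"]["Id"]: d["TargetHealth"]["State"] for d in target_health}
    if instance_id not in states:
        findings.append(f"alb: {instance_id} is not a registered target")
    elif states[instance_id] != "healthy":
        findings.append(f"alb: {instance_id} is registered but {states[instance_id]}")
    return findings

# Constructed sample: i-b has a NAT default route, another security group, and no ALB registration.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-a", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-fw", "State": "active"}]},
    {"RouteTableId": "rtb-b", "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1", "State": "active"}]},
]
ENIS = [
    {"NetworkInterfaceId": "eni-a", "Attachment": {"InstanceId": "i-a"}, "Groups": [{"GroupId": "sg-web"}]},
    {"NetworkInterfaceId": "eni-b", "Attachment": {"InstanceId": "i-b"}, "Groups": [{"GroupId": "sg-db"}]},
]
TARGET_HEALTH = [{"Target": {"Id": "i-a", "Port": 443}, "TargetHealth": {"State": "healthy"}}]
if __name__ == "__main__":
    for inst, subnet in (("i-a", "subnet-a"), ("i-b", "subnet-b")):
        print(inst, troubleshoot(inst, subnet, "eni-fw", ["sg-web"], ROUTE_TABLES, ENIS, TARGET_HEALTH))
```

Against a live account the three inputs would be the `RouteTables`, `NetworkInterfaces` and `TargetHealthDescriptions` lists returned by the corresponding boto3 calls.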