Topic 1 Question 256
Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.
To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:
What is the reason for the rejected traffic?
A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB.
B. The security group of the NLB has no Allow rule for the traffic from the on-premises environment.
C. The ACL of the on-premises environment does not allow traffic to the AWS environment.
D. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.
User votes
Comments (6)
Selected answer: D
I'll go for D. Looks like the NACL allows inbound traffic from the ephemeral port range but doesn't allow outbound.
👍 3 · csG13 · 2023/03/08

I go for D.
If your network ACL permits outbound ICMP traffic, the flow log displays two ACCEPT records (one for the originating ping and one for the response ping). If your security group denies inbound ICMP traffic, the flow log displays a single REJECT record, because the traffic was not permitted to reach your instance.
👍 3 · atseki · 2023/03/16

Selected answer: B
According to the flow log record shown in the picture, the traffic is rejected by the security group of the NLB, which means that the traffic is not reaching the EC2 instances. The source IP address in the flow log is from an on-premises environment, which indicates that the issue is related to the communication between the on-premises environment and the NLB.
Since the NLB is the entry point for the traffic to reach the EC2 instances, it is important to ensure that the security group of the NLB allows traffic from the on-premises environment. The security group rules should allow inbound traffic from the IP addresses or the CIDR blocks of the on-premises environment on the relevant port (8080 in this case).
👍 1 · Vivec · 2023/03/09
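The reasoning the question and the comments above rely on (security groups are stateful, so an accepted inbound request never has its reply rejected by the security group; a REJECT on the reply therefore points at the stateless network ACL's outbound rules) can be turned into a small triage script over VPC Flow Log records. The example below is added here and is not part of the exam question or any commenter's post; the log lines are constructed, with 10.0.1.10 assumed to be an EC2 instance behind the NLB, 10.20.0.5 an on-premises client, and 8080 the application port. It pairs each inbound request with its reply by client address and client port and classifies the flow.

```python
"""Classify VPC Flow Log (v2 default format) records to separate a stateful
security-group reject from a stateless network ACL reject.

Added example; the log lines below are constructed, not the records from
the question's screenshot."""
from __future__ import annotations
from dataclasses import dataclass

# Default field order of a v2 VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: request from on-prem accepted, reply from the instance
# rejected, plus an unrelated rejected SSH probe that the triage should ignore.
SAMPLE_LOG = """\
2 123456789012 eni-0abc123 10.20.0.5 10.0.1.10 49152 8080 6 10 840 1678233600 1678233660 ACCEPT OK
2 123456789012 eni-0abc123 10.0.1.10 10.20.0.5 8080 49152 6 10 840 1678233600 1678233660 REJECT OK
2 123456789012 eni-0abc123 10.20.0.7 10.0.1.10 51000 22 6 1 60 1678233600 1678233660 REJECT OK
"""

# Linux clients default to 32768-60999; NACL guidance is to open 1024-65535.
EPHEMERAL = range(1024, 65536)


@dataclass(frozen=True)
class Record:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str


def parse(log: str) -> list[Record]:
    """Parse whitespace-separated v2 records into Record objects."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        f = dict(zip(FIELDS, line.split()))
        records.append(Record(f["srcaddr"], f["dstaddr"], int(f["srcport"]),
                              int(f["dstport"]), int(f["protocol"]), f["action"]))
    return records


def diagnose(records: list[Record], app_port: int) -> dict[tuple, str]:
    """Pair requests to app_port with their replies and return a verdict per
    flow, keyed by (client_addr, server_addr, client_port)."""
    requests: dict[tuple, Record] = {}
    replies: dict[tuple, Record] = {}
    for r in records:
        if r.dstport == app_port:
            requests[(r.srcaddr, r.dstaddr, r.srcport)] = r
        elif r.srcport == app_port:
            replies[(r.dstaddr, r.srcaddr, r.dstport)] = r

    verdicts: dict[tuple, str] = {}
    for key, req in requests.items():
        reply = replies.get(key)
        if req.action == "REJECT":
            # Either filter can drop the first packet; cannot tell SG from NACL here.
            verdicts[key] = "inbound rejected: check NACL inbound and SG inbound rules"
        elif reply is None:
            verdicts[key] = "request accepted, no reply logged: check the listener/health"
        elif reply.action == "REJECT":
            # SG is stateful and already admitted the request, so only the
            # stateless NACL evaluates the reply; its outbound rules are missing.
            where = "ephemeral" if reply.dstport in EPHEMERAL else "non-ephemeral"
            verdicts[key] = (f"reply rejected: NACL outbound rule missing for "
                             f"{where} port {reply.dstport}")
        else:
            verdicts[key] = "flow OK"
    return verdicts


if __name__ == "__main__":
    for flow, verdict in diagnose(parse(SAMPLE_LOG), 8080).items():
        print(flow, "->", verdict)
```

Running it on the constructed sample reports the 10.20.0.5 flow as "reply rejected: NACL outbound rule missing for ephemeral port 49152", which is the option D situation; the rejected SSH probe is not on port 8080 and is left out of the verdicts.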