AWS Certified Advanced Networking Specialty Practice Exam


Prepare for the AWS Certified Advanced Networking Specialty Exam with detailed flashcards and multiple-choice questions. Each question includes hints and explanations. Ace your exam with confidence!

What action should be taken to restore network reachability to an EC2 instance when VPC flow logs show rejected traffic?

  1. Change the instance type to a larger size

  2. Update the network ACL to allow outbound traffic

  3. Reboot the EC2 instance

  4. Modify the security group associated with the instance

The correct answer is: Update the network ACL to allow outbound traffic

To restore network reachability to an EC2 instance when VPC flow logs indicate that traffic is being rejected, updating the network ACL to allow outbound traffic is the key action. Network ACLs (NACLs) operate at the subnet level and act as a firewall controlling inbound and outbound traffic for the subnets in your VPC. When flow logs show rejected traffic, the existing NACL rules are not permitting the required traffic. Because NACLs are stateless, return traffic is not allowed automatically; it must match an explicit outbound rule. By modifying the NACL to allow outbound traffic, you ensure that requests from the EC2 instance can leave the subnet and reach their intended destination, restoring connectivity. This directly addresses the root cause of the reachability problem: the restriction imposed by the current NACL rules.

Changing the EC2 instance type does not influence network traffic rules, and rebooting the instance resets its state without affecting networking settings. Modifying the security group might not be sufficient if the NACL is the source of the rejection. Therefore, adjusting the NACL is the action that rectifies the rejected traffic observed in the flow logs.