AWS Certified Advanced Networking Specialty Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the AWS Certified Advanced Networking Specialty Exam with detailed flashcards and multiple-choice questions. Each question includes hints and explanations. Ace your exam with confidence!

Practice this question and more.

What is a likely cause if a private subnet cannot reach port 8080 on the Internet?

NAT gateway misconfiguration
The NAT instances are blocking traffic to port 8080
Security group misconfiguration
The subnet does not have a route to the Internet

The correct answer is: The NAT instances are blocking traffic to port 8080

The reasoning behind the correct choice revolves around the role of NAT instances in managing traffic from private subnets to the internet. If a private subnet is unable to access port 8080, it indicates that the outbound traffic is being restricted. If a NAT instance is configured to block specific traffic types or ports, including port 8080, this would directly prevent resources in the private subnet from reaching external servers on that port. The NAT instance must allow for outbound connections to the internet to function correctly; if it’s misconfigured to block certain traffic (like that on port 8080), then that would explain the inability of resources in the private subnet to communicate over that port. In other scenarios, such as a NAT gateway misconfiguration or security group misconfiguration, while these can certainly affect communication, they do not specifically draw attention to the NAT instance's role regarding the particular issue of blocking traffic to port 8080. Lastly, if the subnet lacks an internet route, it would mean no access at all, but the scenario specifically mentions port 8080, implying that there was an attempt to access it. Thus, focusing on the NAT instance's configuration towards port-specific traffic becomes the most relevant explanation.