🔥 3-day streak
AWS Certified Security - Specialty154 / 184
Question 154 of 184

A company runs a three-tier application in a VPC. The database tier EC2 instances are in private subnets, and the application tier must connect to them on TCP 5432. A security engineer configures the database instances' security group to allow inbound TCP 5432 only from the application tier's security group. However, the engineer forgets to add any outbound rule allowing return traffic to the application tier. During testing, application-to-database connections succeed normally. Why do the connections still work despite the missing explicit outbound allow rule?

Reviewed for accuracy · Report an issueNext question