🔥 3-day streak
AWS Certified CloudOps Engineer - Associate153 / 159
Question 153 of 159

A CloudOps engineer deploys web servers in a private subnet behind an internet-facing Application Load Balancer. The subnet's security group allows inbound TCP 443 from the ALB and all outbound traffic. Users report that HTTPS requests time out. The engineer confirms the security group is correct and then reviews the subnet's network ACL, which allows inbound TCP 443 from the ALB subnet CIDR and outbound TCP 443 to the ALB subnet CIDR, denying everything else. What change will restore connectivity?

Reviewed for accuracy · Report an issueNext question