ANS-C01


1

Network Security, Compliance and Governance

medium

A company has a VPC with a public subnet and a private subnet. The public subnet contains a NAT gateway and a bastion host. The private subnet contains several EC2 instances that need to download software updates from the internet. The security team has configured the following:

- A security group on the EC2 instances allows outbound traffic to 0.0.0.0/0 on ports 443 and 80.
- The private subnet's route table has a default route (0.0.0.0/0) pointing to the NAT gateway.
- The NAT gateway is in the public subnet with an Elastic IP and its security group allows inbound traffic from the private subnet CIDR on ports 443 and 80, and outbound to 0.0.0.0/0 on all ports.

Despite this, the EC2 instances cannot reach the internet. What is the most likely cause?
