Question 1,024 of 1,546
Networking and Content DeliveryeasyMultiple ChoiceObjective-mapped

Quick Answer

The answer is that the EC2 instances are not passing the ALB health checks. This is the most likely cause of intermittent 503 errors because an Application Load Balancer only routes traffic to healthy targets; when health checks fail, the ALB marks the instances as unhealthy and stops sending requests, resulting in a 503 Service Unavailable response for users. On the AWS Certified SysOps Administrator Associate SOA-C02 exam, this scenario tests your understanding of how ALB health checks interact with target group configuration and security group rules—a common trap is assuming a misconfigured security group is at fault when the real issue is an application-level failure, such as a web server not responding on the configured health check path or port. Remember the mnemonic: “503 means the targets are not thriving, so check the health check path and port to keep traffic arriving.”

SOA-C02 Networking and Content Delivery Practice Question

This SOA-C02 practice question tests your understanding of networking and content delivery. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A company has an Application Load Balancer (ALB) that routes traffic to an Auto Scaling group of EC2 instances. The security group for the ALB allows inbound HTTP traffic from 0.0.0.0/0. The EC2 instances have a security group that allows inbound traffic from the ALB's security group. Users report intermittent 503 errors. What is the most likely cause?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Question 1easymultiple choice
Review the full routing breakdown →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The EC2 instances are not passing the ALB health checks.

The 503 Service Unavailable error from an Application Load Balancer typically indicates that the target instances are not healthy and are not passing the configured health checks. When the ALB's health checks fail, it stops routing traffic to those instances, resulting in 503 errors for users. Since the security group configurations appear correct (ALB allows inbound HTTP from 0.0.0.0/0 and EC2 allows traffic from the ALB's security group), the most likely cause is that the EC2 instances are failing health checks due to application-level issues, such as the web server not responding on the health check path or port.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The EC2 instances are not passing the ALB health checks.

    Why this is correct

    Healthy instances are required for the ALB to forward traffic; if health checks fail, the instances are marked unhealthy and the ALB returns 503.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The ALB is deployed in a private subnet without a NAT gateway.

    Why it's wrong here

    ALBs can be public or internal; a public ALB must be in a public subnet with an internet gateway. A private subnet ALB would not be reachable from the internet, but the issue is intermittent 503, not total unreachability.

  • The target group is configured with an incorrect protocol or port.

    Why it's wrong here

    If the protocol or port were incorrect, health checks would consistently fail, not intermittently.

  • The security group on the ALB does not allow inbound traffic from the internet.

    Why it's wrong here

    The ALB security group allows inbound HTTP from 0.0.0.0/0, so this is not the issue.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often focus on security group misconfigurations (like option D) or network connectivity issues (like option B), but the intermittent nature of the 503 error is a key clue pointing to health check failures rather than a permanent configuration mistake.

Detailed technical explanation

How to think about this question

ALB health checks are sent from the load balancer's private IP addresses to the target instances on the configured health check port and path (default is HTTP:80/). If the instance's web server returns a non-200 status code, times out, or the health check path returns an error, the ALB marks the instance as unhealthy and stops sending traffic to it. Intermittent 503 errors often occur when instances are failing health checks sporadically due to resource exhaustion (e.g., high CPU or memory), application crashes, or misconfigured health check paths that return errors under load.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A healthcare organisation deploys an application with a public-facing web tier and a private database tier. The database subnet has no public IP and only accepts connections from the web tier's security group. Questions like this test whether you can design cloud network isolation using VNets/VPCs, subnets, and security group rules.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SOA-C02 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SOA-C02 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SOA-C02 question test?

Networking and Content Delivery — This question tests Networking and Content Delivery — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The EC2 instances are not passing the ALB health checks. — The 503 Service Unavailable error from an Application Load Balancer typically indicates that the target instances are not healthy and are not passing the configured health checks. When the ALB's health checks fail, it stops routing traffic to those instances, resulting in 503 errors for users. Since the security group configurations appear correct (ALB allows inbound HTTP from 0.0.0.0/0 and EC2 allows traffic from the ALB's security group), the most likely cause is that the EC2 instances are failing health checks due to application-level issues, such as the web server not responding on the health check path or port.

What should I do if I get this SOA-C02 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

3 more ways this is tested on SOA-C02

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. A company has deployed an Application Load Balancer (ALB) in a VPC. The ALB is configured with a target group pointing to EC2 instances in a private subnet. Clients receive HTTP 503 errors. What is the likely cause?

medium
  • A.The ALB does not have an Elastic IP address.
  • B.The security group for the ALB does not allow inbound HTTP traffic.
  • C.The target instances are unhealthy and the target group has zero healthy hosts.
  • D.The route table for the private subnet does not have a route to the ALB.

Why C: Option B is correct because 503 indicates the target group has no healthy instances. Option A is wrong because security group not allowing HTTP would cause timeout or 502. Option C is wrong because a missing route table would cause no connectivity at all. Option D is wrong because the ALB does not need an Elastic IP.

Variation 2. A company is using an Application Load Balancer (ALB) to distribute traffic to a fleet of EC2 instances. The SysOps administrator receives reports that some users are experiencing intermittent HTTP 503 errors. What is the most likely cause?

easy
  • A.The security group attached to the ALB does not allow inbound traffic on port 443.
  • B.The health checks are failing for the target group, causing the ALB to stop sending traffic to all instances.
  • C.The EC2 instances do not have the correct IAM role to register with the ALB.
  • D.The ALB idle timeout is set too low.

Why B: HTTP 503 errors from an Application Load Balancer typically indicate that the target group has no healthy registered targets. When health checks fail for all instances in the target group, the ALB cannot route traffic to any backend, resulting in a 503 response. This is the most common cause of intermittent 503 errors in ALB architectures.

Variation 3. A company is using an Application Load Balancer (ALB) to distribute traffic to a set of EC2 instances. Users report intermittent 503 errors. Which of the following is the MOST likely cause?

medium
  • A.The health check interval is set too low, causing the ALB to mark instances as unhealthy prematurely.
  • B.The SSL certificate on the ALB has expired.
  • C.The security group for the ALB is blocking incoming traffic.
  • D.The target instances are not healthy or are overloaded.

Why D: Option C is correct because 503 errors from an ALB typically indicate that the target instances are not healthy or are overwhelmed, causing the ALB to return a 503 Service Unavailable response. Option A is wrong because security group rules blocking traffic would result in 504 errors, not 503. Option B is wrong because incorrect health check configuration can cause targets to be marked unhealthy, but the symptom is still 503; however, the most direct cause is unhealthy targets. Option D is wrong because SSL certificate issues cause 502 errors, not 503.

Keep practising

More SOA-C02 practice questions

Last reviewed: Jun 24, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SOA-C02 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SOA-C02 exam.