A cloud engineer is troubleshooting an issue where users cannot connect to a web application hosted on a cloud VM. The VM's security group allows HTTP (port 80) from 0.0.0.0/0, and the VM's OS firewall is disabled. The engineer can ping the VM's public IP from the internet. What is the most likely cause of the issue?
If the web server is not running, it won't respond on port 80, even though the network allows it.
Why this answer
Since the OS firewall is disabled and the security group allows HTTP from 0.0.0.0/0, the only remaining layer that could block connectivity is the application itself. If the web server service (e.g., Apache, Nginx, IIS) is not running on the VM, it will not listen on TCP port 80, so HTTP requests will be refused even though network-level access is permitted. The ability to ping the VM confirms IP-level reachability, isolating the issue to the application layer.
How to eliminate wrong answers
Option A is wrong because the OS firewall is explicitly stated as disabled, so it cannot be blocking port 80. Option B is wrong because routing tables on the VM control outbound traffic, not inbound connections to the VM; inbound traffic is handled by the cloud provider's virtual network and security groups. Option C is wrong because security groups are stateful and applied at the VM network interface level, not to subnets; even if the rule were misapplied, the VM's security group explicitly allows HTTP from 0.0.0.0/0, so this is not the cause.