AWS Certified SysOps Administrator 2025 – 400 Free Practice Questions to Pass the Exam

Question: 1 / 400

What configuration must be adjusted to fix connectivity issues when both Security Groups and NACLs are set up for an EC2 instance?

Allow only inbound traffic on Security Groups

Allow inbound and outbound traffic on Network ACLs

When examining connectivity issues for an EC2 instance that has both Security Groups and Network ACLs configured, it's essential to understand how both work together to control traffic. Network ACLs (NACLs) operate at the subnet level and serve as an additional layer of security, providing a stateless filter for both inbound and outbound traffic. Security Groups, on the other hand, function at the instance level and are stateful, meaning they automatically allow return traffic for outbound requests.

Adjusting the configuration to allow both inbound and outbound traffic on Network ACLs is vital for enabling proper communication. If the NACL is too restrictive, it could block necessary traffic that the Security Group allows. For instance, if the NACL permits inbound traffic but restricts outbound traffic, the instance may receive requests but fail to respond, leading to connectivity problems. Therefore, ensuring that both inbound and outbound traffic is permitted in the NACL will facilitate seamless communication for the EC2 instance.
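The failure described above (request arrives, reply is dropped) can be traced with a small model of the two layers. This is an added example, not part of the original question or any AWS tooling: it is a simplified TCP-only model, the rule sets and documentation-range IP addresses are constructed, and the 1024-65535 range used for the client's ephemeral ports is an assumption about the client.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class NaclRule:
    number: int   # rules are evaluated in ascending order; first match wins
    cidr: str
    ports: range
    allow: bool

def nacl_allows(rules, peer_ip, port):
    """Stateless check for one direction; implicit deny if nothing matches."""
    for r in sorted(rules, key=lambda r: r.number):
        if ip_address(peer_ip) in ip_network(r.cidr) and port in r.ports:
            return r.allow
    return False

def sg_allows_inbound(sg_ingress, peer_ip, port):
    """Security groups hold allow rules only, modelled as (cidr, ports)."""
    return any(ip_address(peer_ip) in ip_network(c) and port in p
               for c, p in sg_ingress)

def diagnose(sg_ingress, nacl_in, nacl_out, client_ip, client_port, server_port):
    """Trace one inbound request and its reply; return the first blocker."""
    if not nacl_allows(nacl_in, client_ip, server_port):
        return "blocked: NACL inbound"
    if not sg_allows_inbound(sg_ingress, client_ip, server_port):
        return "blocked: security group inbound"
    # Reply path: the security group is stateful, so it is not consulted
    # again, but the NACL outbound rules are checked against the client port.
    if not nacl_allows(nacl_out, client_ip, client_port):
        return "blocked: NACL outbound (reply dropped)"
    return "ok"

# Constructed sample rules for an HTTPS server in the subnet.
ANY = "0.0.0.0/0"
SG_INGRESS = [(ANY, range(443, 444))]
NACL_IN = [NaclRule(100, ANY, range(443, 444), True)]
NACL_OUT_MISSING = []  # nothing but the implicit deny
NACL_OUT_FIXED = [NaclRule(100, ANY, range(1024, 65536), True)]

if __name__ == "__main__":
    for name, out in [("no outbound rule", NACL_OUT_MISSING),
                      ("ephemeral ports allowed", NACL_OUT_FIXED)]:
        print(name, "->",
              diagnose(SG_INGRESS, NACL_IN, out, "203.0.113.10", 50000, 443))
```

With the outbound NACL rule missing, the trace stops at the reply even though the Security Group and the inbound NACL rule both permit the request.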

In this context, simply allowing inbound traffic on Security Groups, restricting Security Groups to outbound traffic only, or disabling Network ACLs entirely may not address the underlying connectivity issues and could compromise security layers in other ways, leading to further complications. Hence, the best solution is to ensure that the Network ACL

Set Security Groups to allow outbound traffic only

Disable the Network ACLs for the subnet