AWS Certified Advanced Networking – Specialty ANS-C00 – Question196 | AWS Certified Advanced Networking

To allow all traffic to access an instance in "Subnet 1" that uses "Security Group 1", what two options need to be configured? (Choose two.)

A. NACL rule allowing 0.0.0.0/0 to access "Subnet 1"
B. Security Group rule in "Security Group 1" that allows 0.0.0.0/0 inbound
C. Security Group rule in "Security Group 1" that allows outbound traffic to 0.0.0.0/0
D. NACL rule allowing 0.0.0.0/0 to access "Security Group 1"

Correct Answer: AB

Explanation:

Explanation:
You must allow traffic through the NACL and through the Security Group to access the instance. If there is not an Outbound allow setup in the NACL, you may need to set that, but an outbound rule for Security Group 1 is not necessary as security groups are stateful.