AWS Certified SysOps Administrator SOA-C01 – Question 655

An Amazon EC2 instance is unable to connect to an SMTP server in a different subnet. Other instances are successfully communicating with the SMTP server; however, VPC Flow Logs have been enabled on the SMTP server’s network interface and show the following information:
2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252 1515534437 1515535037 REJECT OK
What can be done to correct this problem?

A. Add the instance to the security group for the SMTP server and ensure that it is permitted to communicate over TCP port 25.
B. Disable the iptables service on the SMTP server so that the instance can properly communicate over the network.
C. Install an email client on the instance to ensure that it communicates correctly on TCP port 25 to the SMTP server.
D. Add a rule to the security group for the instance to explicitly permit TCP port 25 outbound to any address.

Correct Answer: D