Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Associate Looks like the answers to one of the questions is incorrect

Tagged: 

  • Looks like the answers to one of the questions is incorrect

     TutorialsDojo-Support updated 3 years, 9 months ago 2 Members · 2 Posts
    AWS Certified Solutions Architect Associate

  • Dash

    Member
    July 29, 2020 at 6:48 am

    Can you please help me give some details in understanding how the answer D is correct?

    You have two On-Demand EC2 instances inside your Virtual Private Cloud in the same Availability Zone but are deployed to different subnets. One EC2 instance is running a database and the other EC2 instance a web application that connects with the database. You want to ensure that these two instances can communicate with each other for your system to work properly.

    What are the things you have to check so that these EC2 instances can communicate inside the VPC? (Select TWO.)

    (A) Check if the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate.

    (B) Check if both instances are the same instance class.

    (C) Check if all security groups are set to allow the application host to communicate to the database on the right port and protocol.

    (D) Check the Network ACL if it allows communication between the two subnets.

    Ensure that the EC2 instances are in the same Placement Group.

    The answers says that C and D are correct – The answer D seems kind of strange. All the EC2 instances in different subnets inside a VPC can communicate by default. How is it possible to stop communication between two subnets? NACL is at a subnet level and can only prevent inbound/outbound traffic from external to subnet – but how can you stop the communication between two subnets using a NACL?

  • TutorialsDojo-Support

    Member
    July 29, 2020 at 9:20 am

    Hello Dash,

    The scenario has two instances in different subnets, meaning you can create an NACL for inbound/outbound rules. Also, NACL operates at the subnet level. For your question, “How is it possible to stop communication between two subnets?”, you can use “Allow/Deny” whether to allow or deny the specified traffic.

    https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

    You might want to visit our Amazon VPC Cheat:

    AWS Cheat Sheet – Amazon VPC

    I hope this helps.

    Regards,

    Gerome Pagatpatan @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now