What is one cause of the problem?

A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance’s public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information:

What is one cause of the problem?
A. Inbound security group deny rule
B. Outbound security group deny rule
C. Network ACL inbound rules
D. Network ACL outbound rules

Answer: C

Explanation:

The issue of "request timed out" when pinging the public IP address of the EC2 instance could be due to the Network ACL (NACL) inbound rules.

Check NACL Inbound Rules:

Network ACLs act at the subnet level and can explicitly allow or deny traffic to or from a subnet.

Ensure that the NACL associated with the subnet containing the EC2 instance has inbound rules that allow ICMP traffic (which is used for ping).

Example rule to allow inbound ICMP traffic:

Rule Number: 100

Type: ICMP

Protocol: 1

Port Range: N/A (ICMP doesn’t use ports)

Source: 0.0.0.0/0 (or specific IP range)

Allow/Deny: ALLOW

Reference: Network ACLs

Verify Security Groups:

Although the most probable cause is NACLs, also ensure that the security group attached to the instance allows inbound ICMP traffic.

By allowing ICMP traffic in the NACL inbound rules, you can resolve the timeout issue when pinging the EC2 instance.
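
The effect of the example rule can be checked against a simplified model of how a network ACL evaluates inbound rules: ascending rule number, first match wins, and the default `*` rule denies. This is an added example, not part of the original explanation; the rule sets (including deny rule 50) and the names `Rule` and `evaluate` are constructed for illustration, and port ranges and ICMP types are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ICMP = 1   # IANA protocol number, as in the example rule above
TCP = 6
ALL = -1   # NACL value meaning "all protocols"

@dataclass(frozen=True)
class Rule:
    number: int
    protocol: int
    cidr: str
    action: str  # "ALLOW" or "DENY"

def evaluate(rules, protocol, source_ip):
    """Return (action, rule number) for an inbound packet.

    Rules are checked in ascending rule-number order and the first
    match decides. If nothing matches, the default '*' rule denies.
    """
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in (ALL, protocol):
            continue
        if src in ipaddress.ip_network(rule.cidr):
            return rule.action, rule.number
    return "DENY", "*"

# Constructed rule sets (hypothetical, for illustration only).
NO_ICMP = [Rule(90, TCP, "0.0.0.0/0", "ALLOW")]
# Adds the example rule from the explanation: rule 100, ICMP, 0.0.0.0/0, ALLOW.
PAGE_RULE = NO_ICMP + [Rule(100, ICMP, "0.0.0.0/0", "ALLOW")]
# A lower-numbered deny covering the remote address is evaluated before rule 100.
SHADOWED = PAGE_RULE + [Rule(50, ALL, "203.0.113.0/24", "DENY")]

if __name__ == "__main__":
    for name, acl in [("NO_ICMP", NO_ICMP), ("PAGE_RULE", PAGE_RULE),
                      ("SHADOWED", SHADOWED)]:
        action, number = evaluate(acl, ICMP, "203.0.113.12")
        print(f"{name}: ping from 203.0.113.12 -> {action} (rule {number})")
```

When adding rule 100, also check for lower-numbered deny entries that cover the source address, since those are evaluated first.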
