AmazonAmazon
SCS-C02 · Question #345
SCS-C02 Question #345: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #345. The question stem and answer options stay visible for context.
Submitted by devops_kid· Mar 6, 2026
Question
An application running on EC2 instances in a VPC must call an external web service via TLS (port 443). The instances run in public subnets. Which configurations below allow the application to function and minimize the exposure of the instances? Select 2 answers from the options given below
Options
- AA network ACL with a rule that allows outgoing traffic on port 443.
- BA network ACL with rules that allow outgoing traffic on port 443 and incoming traffic on ephemeral
- CA network ACL with rules that allow outgoing traffic on port 443 and incoming traffic on port 443.
- DA security group with a rule that allows outgoing traffic on port 443
- EA security group with rules that allow outgoing traffic on port 443 and incoming traffic on
- FA security group with rules that allow outgoing traffic on port 443 and incoming traffic on port 443.
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.