SCS-C02 · Question #442
SCS-C02 Question #442: Real Exam Question with Answer & Explanation
The correct answer is C: Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual. Since it is a requirement for traffic between the web servers and the internet to flow through the virtual security appliance, the route table for the web server subnet must have the 0.0.0.0/0 route pointing to this appliance. This setup ensures that all internet-bound traffic pa
Question
A security engineer has been asked to troubleshoot inbound connectivity to a web server. This single web server is not receiving inbound connections from the internet, whereas all other web servers are functioning properly. The architecture includes network ACLs, security groups, and a virtual security appliance. In addition, the development team has implemented Application Load Balancers (ALBs) to distribute the load across all web servers. It is a requirement that traffic between the web servers and the internet flow through the virtual security appliance. The security engineer has verified the following: 1. The rule set in the security groups is correct. 2. The rule set in the network ACLs is correct. 3. The rule set in the virtual appliance is correct. Which of the following are other valid items to troubleshoot in this scenario? (Choose two.)
Options
- AVerify that the 0.0.0.0/0 route in the route table for the web server subnet points to a NAT
- BVerify which security group is applied to the particular web server's elastic network interface
- CVerify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual
- DVerify the registered targets in the ALB.
- EVerify that the 0.0.0.0/0 route in the public subnet points to a NAT gateway.
Explanation
Since it is a requirement for traffic between the web servers and the internet to flow through the virtual security appliance, the route table for the web server subnet must have the 0.0.0.0/0 route pointing to this appliance. This setup ensures that all internet-bound traffic passes through the virtual security appliance, meeting the requirement. Application Load Balancers (ALBs) need to have the correct targets (web servers) registered to route traffic to them. If the specific web server in question is not registered as a target in the ALB, it will not receive any inbound traffic. Verifying the ALB's target registration helps ensure the server is part of the load balancing pool.
Community Discussion
No community discussion yet for this question.