Which combination of steps should the security engineer take to allow the EC2 instances that are running in these two subnets to communicate again?

An AWS account that is used for development projects has a VPC that contains two subnets. The first subnet is named public-subnet-1 and has the CIDR block 192.168.1.0/24 assigned. The other subnet is named private-subnet-2 and has the CIDR block 192.168.2.0/24 assigned. Each subnet contains Amazon EC2 instances.

Each subnet is currently using the VPC’s default network ACL. The security groups that the EC2 instances in these subnets use have rules that allow traffic between each instance where required. Currently, all network traffic flow is working as expected between the EC2 instances that are using these subnets.

A security engineer creates a new network ACL that is named subnet-2-NACL with default entries. The security engineer immediately configures private-subnet-2 to use the new network ACL and makes no other changes to the infrastructure. The security engineer starts to receive reports that the EC2 instances in public-subnet-1 and public-subnet-2 cannot communicate with each other.

Which combination of steps should the security engineer take to allow the EC2 instances that are running in these two subnets to communicate again? (Select TWO.)
A . Add an outbound allow rule for 192.168.2.0/24 in the VPC’s default network ACL.
B . Add an inbound allow rule for 192.168.2.0/24 in the VPC’s default network ACL.
C . Add an outbound allow rule for 192.168.2.0/24 in subnet-2-NACL.
D . Add an inbound allow rule for 192.168.1.0/24 in subnet-2-NACL.
E . Add an outbound allow rule for 192.168.1.0/24 in subnet-2-NACL.

View Answer

Answer: C D

Explanation:

This rule would allow traffic originating from the public-subnet-1 (192.168.1.0/24) to flow to the private-subnet-2. This would enable the instances in public-subnet-1 to communicate with the instances in private-subnet-2.

By configuring these rules, the security engineer should be able to reestablish the communication between the EC2 instances in both subnets. It’s essential to remember that Network ACLs are stateless, meaning that both inbound and outbound rules are needed to allow the bidirectional flow of traffic.