Practice free →
HomeAWS SysOps Associatecloudcomputingsysopsdeployment › A new EC2 launch in a private subnet repeatedly …

A new EC2 launch in a private subnet repeatedly fails to download a yum package. The instance has internet egress through a NAT Gateway. Most likely cause?

AThe Region is incorrect
BThe instance's CPU is too slow
CThe instance's security group or NACL is blocking outbound HTTPS (443) — packages won't fetch over a blocked port
DThe CloudWatch agent is unhealthy
Answer & Solution
Correct answer: C. The instance's security group or NACL is blocking outbound HTTPS (443) — packages won't fetch over a blocked port
Outbound 443 is required for yum/dnf to fetch packages from repositories. SG (stateful) and/or NACL (stateless) often block this in tight environments. Other options don't cause that specific failure.
Solve this in the app — AWS SysOps Associate practice & 24k+ MCQs →
Related questions