You’re hosting an NGINX web server running on port 80 on an EC2 Instance. Users are not able to access the server running on port 80. Which of the following could be an issue?

Answer options:

A.The Security Group does not allow outbound traffic on port 80.
B.The NACL doesn’t allow outbound traffic on ephemeral ports.
C.The NACL doesn’t allow inbound traffic on ephemeral ports.
D.The Security Group does not allow inbound traffic on ephemeral ports.

Answer – B
Options A and C are incorrect because the Security Group should only allow inbound traffic on port 80.
Option C is incorrect because it should be the outbound traffic for ephemeral ports.
When a connection is established on a client, you need to ensure that outbound traffic is enabled on any ephemeral ports for the client.
This is also given in the AWS Documentation.
Ephemeral Ports
The example network ACL in the preceding section uses an ephemeral port range of 32768-65535. However, you might want to use a different range for your network ACLs depending on the type of client that you`re using or with which you`re communicating.
The client that initiates the request chooses the ephemeral port range. The range varies depending on the client`s operating system. Many Linux kernels (including the Amazon Linux kernel) use ports 32768-61000. Requests originating from Elastic Load Balancing use ports 1024-65535. Windows operating systems through Windows Server 2003 use ports 1025-5000. Windows Server 2008 and later versions use ports 49152-65535. A NAT gateway uses ports 1024-65535. For example, if a request comes into a web server in your VPC from a Windows XP client on the Internet, your network ACL must have an outbound rule to enable traffic destined for ports 1025-5000.
For more information on NACLs, please refer to the below URL
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html