The rule set in the virtual appliance is correct
Which of the following are other valid items to troubleshoot in this scenario? (Choose two.)
A . Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to a NAT gateway.
B . Verify which Security Group is applied to the particular web server’s elastic network interface (ENI).
C . Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance.
D . Verify the registered targets in the AL
F . Verify that the 0.0.0.0/0 route in the public subnet points to a NAT gateway.
Answer: C,D
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html