Certified Security - Specialty


Data Protection With VPCs

Which of the following statements is correct in relation to Security Groups? (Choose 2)

a. If you have already configured an outbound rule allowing traffic to be sent from your EC2 instance, you do not need to configure a corresponding inbound rule to allow the incoming response to the request

b. If you have configured an outbound rule allowing traffic to be sent from your EC2 instance, you will also need to configure a corresponding inbound rule to allow the incoming response to the request

c. Security Groups are stateless

d. Security Groups are stateful


Correct answers in the quiz are a and d.

According to this documentation: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html


"For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic. When you create a security group, it has no inbound rules. Therefore, no inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group."

I feel the correct answers should be b and d.

Claude Beulaygue

A and D are the correct answers, and the expected one in the real exam. The question is not on the control of the inbound traffic, it’s about Security Groups characteristics. They are stateful, hence allowing an ingress (or an egress) rule will implicitly allow the response to any request sent via this rule.
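
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not AWS code: a simplified Python model of connection tracking that compares a stateful filter with a stateless one when an outbound rule exists and there are no inbound rules. The class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reply(self):
        """The 5-tuple a response to this packet would carry."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)

@dataclass
class Filter:
    inbound: list    # allowed (proto, destination port) pairs for ingress
    outbound: list   # allowed (proto, destination port) pairs for egress
    stateful: bool
    flows: set = field(default_factory=set)  # connection-tracking table

    def allow(self, direction, pkt):
        rules = self.inbound if direction == "in" else self.outbound
        # Stateful: a packet answering an already-permitted flow skips rule evaluation.
        if self.stateful and pkt.reply() in self.flows:
            return True
        if (pkt.proto, pkt.dport) in rules:
            if self.stateful:
                self.flows.add(pkt)  # remember the flow so its response is let through
            return True
        return False  # implicit deny: nothing matched

def demo(stateful):
    # Constructed scenario: outbound HTTPS allowed, no inbound rules at all.
    fw = Filter(inbound=[], outbound=[("tcp", 443)], stateful=stateful)
    request = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
    unsolicited = Packet("203.0.113.10", 443, "10.0.0.5", 22)
    return (
        fw.allow("out", request),         # instance sends the request
        fw.allow("in", request.reply()),  # response to that request comes back
        fw.allow("in", unsolicited),      # new connection started by the remote host
    )

if __name__ == "__main__":
    print("stateful :", demo(True))
    print("stateless:", demo(False))
```

In the stateful case the response is admitted without any inbound rule, while traffic originating from the other host is still denied, which is the case the quoted documentation passage describes.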
