Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 388 discussion

A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.

The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs, security groups, and route tables are still in their default states.

What should a solutions architect recommend to fix the application?

  • A. Add an explicit rule to the private subnet’s network ACL to allow traffic from the web tier’s EC2 instances.
  • B. Add a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier.
  • C. Deploy the web tier's EC2 instances and the database tier’s RDS instance into two separate VPCs, and configure VPC peering.
  • D. Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tier’s security group.
Suggested Answer: D 🗳️
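
The two filtering layers in the question can be checked side by side. The following is an added example, not part of the original question or discussion: it evaluates a default network ACL and the database security group for MySQL traffic from the web tier. The data is constructed in the shape of `aws ec2 describe-network-acls` and `aws ec2 describe-security-groups` output; all group IDs and IP addresses are placeholders, and `diagnose` is a hypothetical helper.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-network-acls` and
# `aws ec2 describe-security-groups` output; IDs and addresses are placeholders.
DEFAULT_NACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
]}
WEB_SG = "sg-web-example"
DB_SG_DEFAULT = {"GroupId": "sg-db-example", "IpPermissions": []}  # no inbound rules yet
DB_SG_FIXED = {"GroupId": "sg-db-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": WEB_SG}], "IpRanges": []},
]}

def nacl_allows_inbound(nacl, src_ip, protocol="6"):
    """Network ACLs are ordered: the lowest-numbered matching entry decides."""
    entries = sorted((e for e in nacl["Entries"] if not e["Egress"]), key=lambda e: e["RuleNumber"])
    for e in entries:
        if e["Protocol"] in ("-1", protocol) and ipaddress.ip_address(src_ip) in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False

def sg_allows_inbound(sg, src_ip, src_sg_ids, port, protocol="tcp"):
    """Security groups are allow-only: any matching permission admits the traffic."""
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] not in ("-1", protocol):
            continue
        if p["IpProtocol"] != "-1" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(g["GroupId"] in src_sg_ids for g in p.get("UserIdGroupPairs", [])):
            return True  # source referenced by security group ID
        if any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True  # source referenced by CIDR range
    return False

def diagnose(nacl, db_sg, src_ip, src_sg_ids, port=3306):
    """Report which layer, if any, stops web-tier traffic to the database port."""
    if not nacl_allows_inbound(nacl, src_ip):
        return "blocked by network ACL"
    if not sg_allows_inbound(db_sg, src_ip, src_sg_ids, port):
        return "blocked by security group"
    return "allowed"

if __name__ == "__main__":
    print(diagnose(DEFAULT_NACL, DB_SG_DEFAULT, "10.0.1.25", {WEB_SG}))
    print(diagnose(DEFAULT_NACL, DB_SG_FIXED, "10.0.1.25", {WEB_SG}))
```

Only the inbound direction at the database subnet is modelled; return traffic is assumed to pass, since security groups are stateful and the default network ACL carries matching allow-all egress entries.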

Comments

TariqKipkemei
Highly Voted 1 year, 1 month ago
Selected Answer: D
Security group defaults block all inbound traffic. Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tier’s security group.
upvoted 9 times
...
ExamGuru727
Most Recent 3 months, 1 week ago
Selected Answer: D
For those questioning why the answer is not A: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html Default NACLs allow all traffic, and in this question NACLs, SGs and route tables are in their default states.
upvoted 2 times
...
hgjdsh
3 months, 2 weeks ago
Selected Answer: A
I think the answer should be A. Since the services are in different subnets, the NACL would by default block all the incoming traffic to the subnet. Security group rule wouldn't be able to override NACL rule.
upvoted 1 times
...
njufi
3 months, 2 weeks ago
I selected option D as well, but I have a question regarding option A. Considering that the EC2 instances and the RDS are located in different subnets, shouldn't the network ACLs for each subnet allow traffic from one another as well? Given that the default settings for network ACLs typically block all traffic, wouldn't it be necessary to explicitly permit communication between the subnets?
upvoted 1 times
...
smartegnine
1 year ago
Selected Answer: D
Security groups are tied to the instance, whereas network ACLs are tied to the subnet.
upvoted 4 times
...
elearningtakai
1 year, 3 months ago
Selected Answer: D
By default, all inbound traffic to an RDS instance is blocked. Therefore, an inbound rule needs to be added to the security group of the RDS instance to allow traffic from the security group of the web tier's EC2 instances.
upvoted 3 times
...
Russs99
1 year, 3 months ago
Selected Answer: D
D is the correct answer
upvoted 1 times
...
aragon_saa
1 year, 3 months ago
D https://www.examtopics.com/discussions/amazon/view/81445-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 1 times
...
KAUS2
1 year, 3 months ago
Selected Answer: D
D is correct option
upvoted 1 times
...
[Removed]
1 year, 3 months ago
Selected Answer: D
ddddddd
upvoted 2 times
...