exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 388 discussion

A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.

The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs, security groups, and route tables are still in their default states.

What should a solutions architect recommend to fix the application?

  • A. Add an explicit rule to the private subnet’s network ACL to allow traffic from the web tier’s EC2 instances.
  • B. Add a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier.
  • C. Deploy the web tier's EC2 instances and the database tier’s RDS instance into two separate VPCs, and configure VPC peering.
  • D. Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tiers security group.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
TariqKipkemei
Highly Voted 1 year, 1 month ago
Selected Answer: D
Security group defaults block all inbound traffic..Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tiers security group
upvoted 13 times
...
smartegnine
Highly Voted 1 year ago
Selected Answer: D
Security Groups are tied on instance where as network ACL are tied to Subnet.
upvoted 5 times
...
ExamGuru727
Most Recent 2 months, 4 weeks ago
Selected Answer: D
For those questioning why the answer is not A: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html Default NACLs allow all traffic, and in this question NACLs, SGs and route tables are in their default states.
upvoted 5 times
...
hgjdsh
3 months ago
Selected Answer: A
I think the answer should be A. Sine the services are in different subnets, the NACL would by default block all the incoming traffic to the subnet. Security group rule wouldn't be able to override NACL rule.
upvoted 1 times
...
njufi
3 months ago
I selected option D as well, but I have a question regarding option A. Considering that the EC2 instances and the RDS are located in different subnets, shouldn't the network ACLs for each subnet allow traffic from one another as well? Given that the default settings for network ACLs typically block all traffic, wouldn't it be necessary to explicitly permit communication between the subnets?
upvoted 2 times
...
elearningtakai
1 year, 2 months ago
Selected Answer: D
By default, all inbound traffic to an RDS instance is blocked. Therefore, an inbound rule needs to be added to the security group of the RDS instance to allow traffic from the security group of the web tier's EC2 instances.
upvoted 4 times
...
Russs99
1 year, 3 months ago
Selected Answer: D
D is the correct answer
upvoted 2 times
...
aragon_saa
1 year, 3 months ago
D https://www.examtopics.com/discussions/amazon/view/81445-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 2 times
...
KAUS2
1 year, 3 months ago
Selected Answer: D
D is correct option
upvoted 2 times
...
[Removed]
1 year, 3 months ago
Selected Answer: D
ddddddd
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago