Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 884 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 884
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect is designing a three-tier web application. The architecture consists of an internet-facing Application Load Balancer (ALB) and a web tier that is hosted on Amazon EC2 instances in private subnets. The application tier with the business logic runs on EC2 instances in private subnets. The database tier consists of Microsoft SQL Server that runs on EC2 instances in private subnets. Security is a high priority for the company.

Which combination of security group configurations should the solutions architect use? (Choose three.)

  • A. Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.
  • B. Configure the security group for the web tier to allow outbound HTTPS traffic to 0.0.0.0/0.
  • C. Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier.
  • D. Configure the security group for the database tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
  • E. Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier.
  • F. Configure the security group for the application tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
Show Suggested Answer Hide Answer
Suggested Answer: ACE 🗳️
by sandordini at April 30, 2024, 4:39 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
EdricHoang
Highly Voted 5 months, 1 week ago
Selected Answer: ACE
Security group is stateful, just need allow Inbound.
upvoted 5 times
KennethNg923
5 months, 1 week ago
Agree since security group is stateful so allow inbound is enough
upvoted 2 times
...
...
Scheldon
Most Recent 5 months, 3 weeks ago
Selected Answer: ACE
AnswerACE: Security Group is protecting instances, it's statefull. by defoult is allowing for outgoing traffic but not incomming. hence we need to allow for inboud traffic. path looks like below ALB >>HTTPS>> WEB tier >>HTTPS>> Application >>SQL traffic>> SQL DB hence we need allow for incoming https traffic on web tier then incomming http on app tier and on the end for incomming sql traffic on DB tier
upvoted 3 times
...
sandordini
6 months, 3 weeks ago
Selected Answer: ACE
ALB >>HTTPS>> WEB tier >>HTTPS>> Application >>SQL traffic>> SQL DB
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel