ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 884 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 884
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect is designing a three-tier web application. The architecture consists of an internet-facing Application Load Balancer (ALB) and a web tier that is hosted on Amazon EC2 instances in private subnets. The application tier with the business logic runs on EC2 instances in private subnets. The database tier consists of Microsoft SQL Server that runs on EC2 instances in private subnets. Security is a high priority for the company.

Which combination of security group configurations should the solutions architect use? (Choose three.)

  • A. Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.
  • B. Configure the security group for the web tier to allow outbound HTTPS traffic to 0.0.0.0/0.
  • C. Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier.
  • D. Configure the security group for the database tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
  • E. Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier.
  • F. Configure the security group for the application tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
Show Suggested Answer Hide Answer
Suggested Answer: ACE 🗳️
by sandordini at April 30, 2024, 4:39 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
EdricHoang
Highly Voted 10 months, 1 week ago
Selected Answer: ACE
Security group is stateful, just need allow Inbound.
upvoted 6 times
KennethNg923
10 months, 1 week ago
Agree since security group is stateful so allow inbound is enough
upvoted 2 times
...
...
sk1974
Most Recent 1 month, 3 weeks ago
Selected Answer: ACE
Since SG's are stateful , allow inbound only. Ignore all outbound roles
upvoted 1 times
...
Scheldon
11 months ago
Selected Answer: ACE
AnswerACE: Security Group is protecting instances, it's statefull. by defoult is allowing for outgoing traffic but not incomming. hence we need to allow for inboud traffic. path looks like below ALB >>HTTPS>> WEB tier >>HTTPS>> Application >>SQL traffic>> SQL DB hence we need allow for incoming https traffic on web tier then incomming http on app tier and on the end for incomming sql traffic on DB tier
upvoted 3 times
...
sandordini
11 months, 4 weeks ago
Selected Answer: ACE
ALB >>HTTPS>> WEB tier >>HTTPS>> Application >>SQL traffic>> SQL DB
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago