
Exam AWS-SysOps topic 1 question 208 discussion

Exam question from Amazon's AWS-SysOps
Question #: 208
Topic #: 1

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp)?

  • A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp)
  • B. Allow Inbound on port 3306 from source 20.0.0.0/16
  • C. Allow Outbound on port 3306 for Destination Web Server Security Group (WebSecGrp)
  • D. Allow Outbound on port 80 for Destination NAT Instance IP
Suggested Answer: A
A user can create a subnet within a VPC and launch instances inside that subnet. If the user has created public and private subnets to host the web server and DB server respectively, the user should configure the security groups so that the instances in the private subnet can receive inbound traffic from the public subnet on the DB port. Thus, configure port 3306 in Inbound with the source as the Web Server Security Group (WebSecGrp). The user should configure ports 80 and 443 for Destination 0.0.0.0/0, as the route table directs traffic to the NAT instance from the private subnet.
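
The difference between options A and B can be checked with a small model of inbound rule evaluation. This is an added example, not part of the original page and not AWS code: it is a simplified model, and the host addresses and the `OtherSecGrp` name are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    port: int
    source_sg: Optional[str] = None    # source given as a security group reference
    source_cidr: Optional[str] = None  # source given as a CIDR range

@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    groups: frozenset

def inbound_allowed(rules, src, port):
    """True if any inbound rule admits a connection from src to the given port."""
    for rule in rules:
        if rule.port != port:
            continue
        if rule.source_sg is not None and rule.source_sg in src.groups:
            return True
        if rule.source_cidr is not None and (
            ipaddress.ip_address(src.ip) in ipaddress.ip_network(rule.source_cidr)
        ):
            return True
    return False  # security groups deny anything not explicitly allowed

# Candidate DBSecGrp inbound rules from the question.
OPTION_A = [Rule(3306, source_sg="WebSecGrp")]
OPTION_B = [Rule(3306, source_cidr="20.0.0.0/16")]

# Constructed hosts (addresses and the OtherSecGrp name are assumptions).
WEB = Host("web", "20.0.1.10", frozenset({"WebSecGrp"}))
OTHER = Host("other-vpc-host", "20.0.1.77", frozenset({"OtherSecGrp"}))
INTERNET = Host("internet-host", "198.51.100.7", frozenset())

def evaluate():
    """Who can reach the DB on 3306 under each option."""
    options = {"A": OPTION_A, "B": OPTION_B}
    return {
        label: {h.name: inbound_allowed(rules, h, 3306) for h in (WEB, OTHER, INTERNET)}
        for label, rules in options.items()
    }

if __name__ == "__main__":
    for label, result in evaluate().items():
        print(label, result)
```

Both options let the web server reach the database, but the CIDR rule in option B also admits every other host in the VPC, while the group reference in option A admits only members of WebSecGrp.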

Comments

dexdinh91
5 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
aidenpearce01
2 years, 1 month ago
Selected Answer: A
By default the outbound will allow all, so all we have to do is add the inbound, so I will go with A. Also, this is a typical question from SAA.
upvoted 1 times
...
mgurkan
2 years, 5 months ago
Correct Answer is A
upvoted 1 times
...
TroyMcLure
2 years, 5 months ago
Correct Answer: A. Please remember that security groups are stateful, so the outgoing rule is not necessary.
upvoted 2 times
...
davidsf
2 years, 6 months ago
A is correct here. The question specifically asks about an entry for the DBSecGrp group.
upvoted 2 times
...
kenkct
2 years, 6 months ago
C. This is a twist and turn question or the author is very poor in grammar. It is actually asking how to configure WebSecGrp to access DB, thus outbound port 3306 from WebSecGrp to destination DB is correct.
upvoted 1 times
...
jerry19
2 years, 7 months ago
It would help if you'd put a link or rationale for your answer. But you don't...ever. Answer C. The inbound rule in your security group must allow traffic on all ports. It needs to do this because the destination port number of any inbound return packets is set to a randomly allocated port number. https://www.examtopics.com/exams/amazon/aws-sysops/view/ Also review a similarly worded question which supports answer of C. https://www.briefmenow.org/amazon/aws-sysops-user-has-created-vpc-with-the-public-and-private-subnets-using-the-vpc-wizard-the-vpc-has-cidr-20-16-the-public-subnet-uses-cidr-20-24-the-user-is/
upvoted 1 times
...
awscertified
2 years, 7 months ago
A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp)
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other