Exam AWS-SysOps topic 1 question 582 discussion

B & C Security group egress rule is required ONLY if the RDS is initiating traffic. Security Group is statefull, so if traffic is allowed IN, then the response will automatically be allowed OUT! The issue here is, the SG for IN traffic is not allowed, so it is possible issue. second, and by elimination, D is not correct, and A is not correct. So, B is true. B & C.

A&C I think. B says web server's certificate not trusted by DB, DB doesn't need to trust the webserver, its the other way around. I don't think they are saying you need two separate security groups (because we know its stateful), its just saying that at least part of that two-way comm is missing

Please note that without further information, it is difficult to determine the exact causes of the connectivity problems. Other factors such as network configuration, database configuration, or application-specific issues could also contribute to the problem. Additional troubleshooting and investigation would be required to pinpoint the exact causes.

I found the same question with an extra answer: E. The port used by the application developer does not match the port specified in the RDS configuration. Could this be the correct missing answer since B may still be questionable?

Only C is correct. For A to be correct it should be NACL, not SG. B is not correct because the webserver certificate is not involved in this communication. D is not relevant at all

Based on the current options, we have to select B&C. Although I don't think the error for SSL/TLS connection is "Error Establishing a Database Connection". It should be something like "SSL connection error".

B | C are the answers If the SG does not allows traffic coming from EC2, it will not get to RDS DB. (C) (B) can be the other answer if you are using SSL/TLS to encrypt a connection to a DB

A and C is correct.. B > Here they are talking about Website SSL not the RDS. D > Data is queried from Bastion.. So database is up and running fine.

B & C B: The certificate used by the web server is not trusted by the RDS instance. https://aws.amazon.com/blogs/database/amazon-rds-customers-update-your-ssl-tls-certificates-by-february-5-2020/ What applications are impacted? Any application that connects to an RDS database using SSL/TLS, and which also requires server certificate validation against the application’s trust store (or a hardcoded client certificate) is impacted by this change. What happens if I don’t make the required change by March 5, 2020? If you do not make the change by March 5, 2020, your applications that connect via SSL/TLS and verify that the CA certificate will no longer be able to communicate with their RDS DB instances. C: Connection from Application to RDS, so ingress rule is correct.

It is C & D. When ingress rules are not setup properly or when the DB instance is still being created and available for connectivity. The error clearly says: *** Error Establishing a Database Connection*** Either the db is not available or security group rules are not setup properly.

B doesn't seem right too, why does the database need to trust the web server certificate?

Must be b & c.

if you go by elimination rule... D is not correct, as you could query the database. B is certificate related,

why a is right?