Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 74 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 74
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company.
How should security groups be configured in this situation? (Choose two.)

  • A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
  • B. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
  • C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
  • D. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
  • E. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by srcshekhar at Oct. 13, 2022, 7:46 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Athena
Highly Voted 2 years ago
Selected Answer: AC
Web Server Rules: Inbound traffic from 443 (HTTPS) Source 0.0.0.0/0 - Allows inbound HTTPS access from any IPv4 address Database Rules : 1433 (MS SQL)The default port to access a Microsoft SQL Server database, for example, on an Amazon RDS instance https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
upvoted 28 times
...
ArielSchivo
Highly Voted 2 years, 1 month ago
Selected Answer: AC
EC2 web on public subnets + EC2 SQL on private subnet + security is high priority. So, Option A to allow HTTPS from everywhere. Plus option C to allow SQL connection from the web instance.
upvoted 19 times
...
PaulGa
Most Recent 2 months ago
Selected Answer: AC
Ans A, C - allow public access for all input, but control access to database: source 0.0.0.0/0, control access on port 1433 (MS SQL)
upvoted 1 times
...
awsgeek75
10 months, 1 week ago
Selected Answer: AC
SG are blocked by default and stateful so A: Allows inbound traffic from web to the HTTPS default port on web servers B: Outbound is not required if inbound is configured due to stateful nature of SG C: 1433 is SQL default so allow access from web-tier only D: Opens up the database to web on 1433 port E: opens up 443 port unnecessarily on the DB tier so less secure AC is the most secure config
upvoted 3 times
...
TariqKipkemei
1 year, 3 months ago
Selected Answer: AC
Allow inbound traffic on port 443 from 0.0.0.0/0 on the web tier. Then allow inbound traffic on port 1433 from the security group for the web tier on the database tier.
upvoted 1 times
...
Guru4Cloud
1 year, 3 months ago
Selected Answer: AC
The security group for the web tier should allow inbound traffic on port 443 from 0.0.0.0/0. This will allow clients to connect to the web tier using HTTPS. The security group for the web tier should also allow outbound traffic on port 443 to 0.0.0.0/0. This will allow the web tier to connect to the internet to download updates and other resources. The security group for the database tier should allow inbound traffic on port 1433 from the security group for the web tier. This will allow the web tier to connect to the database tier to access data. The security group for the database tier should not allow outbound traffic on ports 443 and 1433 to the security group for the web tier. This will prevent the database tier from being exposed to the public internet.
upvoted 4 times
...
cookieMr
1 year, 5 months ago
Selected Answer: AC
A. This configuration allows external users to access the web tier over HTTPS (port 443). However, it's important to note that it is generally recommended to restrict the source IP range to a more specific range rather than allowing access from 0.0.0.0/0 (anywhere). This would limit access to only trusted sources. C. By allowing inbound traffic on port 1433 (default port for Microsoft SQL Server) from the security group associated with the web tier, you ensure that the database tier can only be accessed by the EC2 instances in the web tier. This provides a level of isolation and restricts direct access to the database tier from external sources.
upvoted 3 times
...
Abrar2022
1 year, 6 months ago
DB tier: Port 1433 is the known standard for SQL server and should be used. web tier on port 443 (HTTPS)
upvoted 4 times
...
beginnercloud
1 year, 6 months ago
Selected Answer: AC
AC is correct
upvoted 1 times
...
WherecanIstart
1 year, 8 months ago
A & C are the correct answer. Inbound traffic to the web tier on port 443 (HTTPS) The web tier will then access the Database tier on port 1433 - inbound.
upvoted 1 times
...
techhb
1 year, 10 months ago
Selected Answer: AC
AC 443-http inbound and 1433-sql server Security group => focus on inbound traffic since by default outboud traffic is allowed
upvoted 2 times
...
aba2s
1 year, 10 months ago
Selected Answer: AC
Security group => focus on inbound traffic since by default outboud traffic is allowed
upvoted 2 times
...
orionizzie
1 year, 11 months ago
why both are inbound rules
upvoted 2 times
kraken21
1 year, 7 months ago
Because security groups are stateful.
upvoted 2 times
...
...
Buruguduystunstugudunstuy
1 year, 11 months ago
Selected Answer: CE
***CORRECT*** The correct answers are C and E. For security purposes, it is best practice to limit inbound and outbound traffic as much as possible. In this case, the web tier should only be able to access the database tier and not the other way around. Therefore, the security group for the web tier should only allow outbound traffic to the security group for the database tier on the necessary ports. Similarly, the security group for the database tier should only allow inbound traffic from the security group for the web tier on the necessary ports. Answer C: Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier. This is correct because the web tier needs to be able to connect to the database on port 1433 in order to access the data.
upvoted 1 times
Buruguduystunstugudunstuy
1 year, 11 months ago
Answer E: Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier. This is correct because the web tier needs to be able to connect to the database on both port 443 and 1433 in order to access the data. ***WRONG*** Answer A: Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0. This is not correct because the web tier should not allow inbound traffic from the internet. Instead, it should only allow outbound traffic to the security group for the database tier.
upvoted 1 times
Buruguduystunstugudunstuy
1 year, 11 months ago
***WRONG*** Answer B: Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0. This is not correct because the web tier should not allow outbound traffic to the internet. Instead, it should only allow outbound traffic to the security group for the database tier. Answer D: Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier. This is not correct because the database tier should not allow outbound traffic to the web tier. Instead, it should only allow inbound traffic from the security group for the web tier on the necessary ports.
upvoted 1 times
techhb
1 year, 10 months ago
Chatgpt is unreliable this answer from same.
upvoted 1 times
...
...
pentium75
11 months ago
"The web tier needs to be able to connect to the database on both port 443 and 1433 in order to access the data" -> Nonsense, SQL Server needs only tcp/1433. Or tcp/1433 + udp/1433 plus the instance port if you have multiple instances. But you NEVER need tcp/443 to access SQL Server.
upvoted 1 times
...
...
PassNow1234
1 year, 11 months ago
This is WRONG. Browse to a website and type :443 at the end of it. IT will translate to HTTPS. HTTPS = 443. answers are A and C
upvoted 3 times
...
...
career360guru
1 year, 11 months ago
Selected Answer: AC
A and C
upvoted 1 times
...
Wpcorgan
2 years ago
A and C
upvoted 1 times
...
gcmrjbr
2 years ago
Agree with AC.
upvoted 2 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel