ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 282 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 282
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company runs a web application that is deployed on Amazon EC2 instances in the private subnet of a VPC. An Application Load Balancer (ALB) that extends across the public subnets directs web traffic to the EC2 instances. The company wants to implement new security measures to restrict inbound traffic from the ALB to the EC2 instances while preventing access from any other source inside or outside the private subnet of the EC2 instances.

Which solution will meet these requirements?

  • A. Configure a route in a route table to direct traffic from the internet to the private IP addresses of the EC2 instances.
  • B. Configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB.
  • C. Move the EC2 instances into the public subnet. Give the EC2 instances a set of Elastic IP addresses.
  • D. Configure the security group for the ALB to allow any TCP traffic on any port.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Bhawesh at Feb. 17, 2023, 4:04 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Abrar2022
Highly Voted 1 year, 3 months ago
Read the discussion, that’s the whole point why examtopics picks the wrong answer. Follow most voted answer not examtopics answer
upvoted 12 times
...
Guru4Cloud
Highly Voted 1 year ago
Selected Answer: B
Configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB
upvoted 7 times
...
Rcosmos
Most Recent 2 months, 1 week ago
Selected Answer: B
Solução Detalhada: Configure o grupo de segurança do EC2 com uma regra de entrada para permitir conexões apenas do grupo de segurança do ALB. A AWS permite essa associação dinâmica, o que garante que apenas o tráfego legítimo roteado pelo ALB possa chegar às instâncias. Essa é uma prática recomendada e atende ao objetivo de restringir o acesso às instâncias do EC2.
upvoted 1 times
...
Rcosmos
2 months, 1 week ago
Selected Answer: B
Explicação Requisito: Garantir que o tráfego para as instâncias do EC2 só venha do Application Load Balancer (ALB) e não de outras fontes dentro ou fora da sub-rede privada. Como funciona: O grupo de segurança associado às instâncias do EC2 pode ser configurado para aceitar tráfego apenas de outro grupo de segurança, neste caso, o do ALB. Isso cria uma relação explícita, onde as instâncias do EC2 só aceitam conexões originadas pelo ALB, independentemente de sua localização (sub-rede pública ou privada).
upvoted 1 times
...
awslearner7
1 year, 2 months ago
can anybody explains the question?
upvoted 2 times
David_Ang
11 months ago
is just admins fault dont worry, he just made a mistake, because "C" doesnt make any sence
upvoted 1 times
...
theochan
8 months, 2 weeks ago
i don't even understand what the question is trying to ask
upvoted 1 times
...
...
antropaws
1 year, 4 months ago
Selected Answer: B
It's very confusing that the system marks C as correct.
upvoted 3 times
...
FFO
1 year, 5 months ago
Selected Answer: B
This is B. Question already tells us they only want ONLY traffic from the ALB.
upvoted 2 times
...
TariqKipkemei
1 year, 6 months ago
Answer is B
upvoted 2 times
TariqKipkemei
12 months ago
A security group acts as a firewall that controls the traffic allowed to and from the resources in your virtual private cloud (VPC).
upvoted 2 times
...
...
GalileoEC2
1 year, 6 months ago
Why C! another cazy answer , If i am concern about security why I would want to expose my EC2 to the public internet,not make sense at all, am I correct with this? I also go with B
upvoted 3 times
...
LuckyAro
1 year, 7 months ago
Selected Answer: B
B is the correct answer.
upvoted 3 times
...
kpato87
1 year, 7 months ago
Selected Answer: B
configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB. This ensures that only the traffic originating from the ALB is allowed access to the EC2 instances in the private subnet, while denying any other traffic from other sources. The other options do not provide a suitable solution to meet the stated requirements.
upvoted 5 times
...
Bhawesh
1 year, 7 months ago
Selected Answer: B
B. Configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago