Topic 1 Question 884
3 つ選択A solutions architect is designing a three-tier web application. The architecture consists of an internet-facing Application Load Balancer (ALB) and a web tier that is hosted on Amazon EC2 instances in private subnets. The application tier with the business logic runs on EC2 instances in private subnets. The database tier consists of Microsoft SQL Server that runs on EC2 instances in private subnets. Security is a high priority for the company.
Which combination of security group configurations should the solutions architect use?
Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.
Configure the security group for the web tier to allow outbound HTTPS traffic to 0.0.0.0/0.
Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier.
Configure the security group for the database tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier.
Configure the security group for the application tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: ACE
Security group is stateful, just need allow Inbound.
👍 6EdricHoang2024/06/15 - 正解だと思う選択肢: ACE
ALB >>HTTPS>> WEB tier >>HTTPS>> Application >>SQL traffic>> SQL DB
👍 3sandordini2024/04/30 - 正解だと思う選択肢: ACE
AnswerACE:
Security Group is protecting instances, it's statefull. by defoult is allowing for outgoing traffic but not incomming. hence we need to allow for inboud traffic. path looks like below ALB >>HTTPS>> WEB tier >>HTTPS>> Application >>SQL traffic>> SQL DB hence we need allow for incoming https traffic on web tier then incomming http on app tier and on the end for incomming sql traffic on DB tier
👍 3Scheldon2024/05/28
シャッフルモード