Topic 1 Question 87
2 つ選択A company has an application that runs on Amazon EC2 instances. A solutions architect is designing VPC infrastructure in an AWS Region where the application needs to access an Amazon Aurora DB Cluster. The EC2 instances are all associated with the same security group. The DB cluster is associated with its own security group.
The solutions architect needs to add rules to the security groups to provide the application with least privilege access to the DB Cluster.
Which combination of steps will meet these requirements?
Add an inbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the source over the default Aurora port.
Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port.
Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port.
Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the default Aurora port.
Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the ephemeral ports.
ユーザの投票
コメント(9)
- 正解だと思う選択肢: BC
The correct combination of steps to meet these requirements is B and C.
B. Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port. This allows the instances to make outbound connections to the DB cluster on the default Aurora port.
C. Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port. This allows connections to the DB cluster from the EC2 instances on the default Aurora port.
👍 14masetromain2023/01/15 - 正解だと思う選択肢: AC
To provide the application with least privilege access to the Aurora DB cluster, the solutions architect should add inbound rules to both the security groups.
For the EC2 instances' security group, an inbound rule should be added that allows traffic from the DB cluster's security group over the default Aurora port. This will allow the EC2 instances to communicate with the Aurora DB cluster.
For the Aurora DB cluster's security group, an inbound rule should be added that allows traffic from the EC2 instances' security group over the default Aurora port. This will allow the Aurora DB cluster to communicate with the EC2 instances.
By default all outbound rules are open, it's only the ingress that needs to allow traffic.
👍 7c73bf382023/02/15 https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/security-group-rules.html By default, security groups contain outbound rules that allow all outbound traffic. So why do we even need a outbound rule? Guys common. lets not confuse each other.
👍 5Gabehcoud2023/02/26
シャッフルモード