A company is designing a web application with an internet-facing Application Load Balancer (ALB). The ALB must receive HTTPS traffic from the public internet, send only HTTPS traffic to EC2 web servers on port 443, and perform health checks over HTTPS on port 8443. Which combination of security group rules for the ALB will satisfy these requirements? (Choose three.)
Choose an answer
Tap an option to check your answer.
Correct answer: Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443., Allow HTTPS outbound traffic to the web application instances for port 443., Allow HTTPS outbound traffic to the web application instances for the health check on port 8443..
Why this is the answer
The ALB needs to accept incoming HTTPS traffic from the internet, so an inbound rule allowing HTTPS (port 443) from 0.0.0.0/0 is required. The ALB also needs to forward HTTPS traffic to the EC2 instances on port 443, necessitating an outbound rule for HTTPS to the instances on port 443. Finally, the ALB performs health checks over HTTPS on port 8443, so an outbound rule for HTTPS to the instances on port 8443 is needed. The incorrect options involve inbound rules from the web application instances, which are not necessary for the ALB's function, or incorrect port/protocol combinations.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed