A solutions architect is designing a three-tier web application with an internet-facing Application Load Balancer (ALB). The web tier and application tier run on Amazon EC2 instances in private subnets, and the database tier runs Microsoft SQL Server on EC2 instances in private subnets. Security is a high priority. Which combination of security group configurations should the architect use? (Choose three.)
Choose an answer
Tap an option to check your answer.
Correct answer: Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB., Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier., Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier..
Why this is the answer
The web tier security group must allow inbound HTTPS (port 443) from the ALB's security group to receive traffic. The application tier security group needs to allow inbound HTTPS from the web tier's security group for communication. The database tier security group should permit inbound Microsoft SQL Server traffic (port 1433) from the application tier's security group, ensuring only the application can access the database. Incorrect options: Outbound HTTPS to 0.0.0.0/0 from the web tier is overly permissive and not directly related to inbound communication from the ALB. The database tier does not typically initiate HTTPS or SQL Server traffic to the web tier; its communication is usually with the application tier. The application tier does not typically send HTTPS or SQL Server traffic to the web tier; it receives requests from the web tier and sends SQL Server requests to the database tier.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed