A solutions architect is designing a two-tier web application. The web tier is public-facing on Amazon EC2 in public subnets. The database tier runs Microsoft SQL Server on Amazon EC2 in a private subnet. Security is a high priority. How should security groups be configured? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0., Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier..
Why this is the answer
The web tier needs to be accessible from the internet, so its security group must allow inbound HTTPS (port 443) traffic from anywhere (0.0.0.0/0). This is a standard configuration for public-facing web servers. The database tier should only be accessible by the web tier. Therefore, its security group must allow inbound SQL Server traffic (port 1433) specifically from the security group associated with the web tier instances. Referencing the web tier's security group ensures that only authorized web servers can connect, enhancing security. Outbound traffic from the web tier on port 443 to 0.0.0.0/0 is generally allowed by default for most security groups, but it's not the primary inbound rule for public access. Allowing outbound traffic from the database tier to the web tier on ports 443 and 1433 is unnecessary for the web tier to initiate connections to the database; the database typically responds on the same port the connection was initiated on. Allowing inbound 443 to the database tier is incorrect as databases don't typically serve HTTPS requests directly.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed