Which combination of security group configurations should the solutions architect use?
(Choose three.)
Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.
Configure the security group for the web tier to allow outbound HTTPS traffic to 0.0.0.0/0.
Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier.
Configure the security group for the database tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier.
Configure the security group for the application tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.
Explanations:
The web tier should allow inbound HTTPS traffic from the ALB’s security group to handle requests from the internet-facing ALB.
The web tier should not require outbound HTTPS traffic to 0.0.0.0/0 as it communicates with internal layers, not directly to the internet.
The database tier should allow inbound Microsoft SQL Server traffic from the application tier’s security group to permit data access.
The database tier does not need outbound HTTPS or SQL Server traffic to the web tier, as data communication should be inbound from the application tier only.
The application tier should allow inbound HTTPS traffic from the web tier’s security group to receive requests from the web tier.
The application tier does not need outbound traffic permissions for the web tier’s security group since it only needs to receive requests from the web tier.
Based on what I know, the answer is:
Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.