Which combination of security group configurations should the solutions architect use?

By:
In: SAA-C03
Tagged:
With: 2 Comments
A solutions architect is designing a three-tier web application.The architecture consists of an internet-facing Application Load Balancer (ALB) and a web tier that is hosted on Amazon EC2 instances in private subnets.The application tier with the business logic runs on EC2 instances in private subnets.The database tier consists of Microsoft SQL Server that runs on EC2 instances in private subnets.Security is a high priority for the company.

Which combination of security group configurations should the solutions architect use?

(Choose three.)

Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.

Configure the security group for the web tier to allow outbound HTTPS traffic to 0.0.0.0/0.

Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier.

Configure the security group for the database tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.

Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier.

Configure the security group for the application tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.

Explanations:

The web tier should allow inbound HTTPS traffic from the ALB’s security group to handle requests from the internet-facing ALB.

The web tier should not require outbound HTTPS traffic to 0.0.0.0/0 as it communicates with internal layers, not directly to the internet.

The database tier should allow inbound Microsoft SQL Server traffic from the application tier’s security group to permit data access.

The database tier does not need outbound HTTPS or SQL Server traffic to the web tier, as data communication should be inbound from the application tier only.

The application tier should allow inbound HTTPS traffic from the web tier’s security group to receive requests from the web tier.

The application tier does not need outbound traffic permissions for the web tier’s security group since it only needs to receive requests from the web tier.

2026-03-17

2 Comments

  1. Emily
    Author

    Based on what I know, the answer is:
    Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.

  2. James
    Author

    From my point of view, the answer is:
    Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.

Leave a Reply to James Cancel reply

Your email address will not be published. Required fields are marked *

17 + six =