Practice Test 1 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a default VPC private subnet with the default NACL settings created by AWS. The web servers must be accessible only to customers on HTTPS connections, and the database must only be accessible to web servers in a public subnet. Which solution would meet these requirements without impacting other applications? (SELECT TWO)
A. Create a network ACL on the Web Server’s subnets, allow HTTPS port 443 inbound and specify the source as 0.0.0.0/0.
B. Create a Web Server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the Web Servers.
C. Create a DB Server security group that allows MySQL port 3306 inbound and specify the source as the Web Server security group.
D. Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for Web Servers and deny all outbound traffic.
E. Create a DB Server security group that allows HTTPS port 443 inbound and specify the source as a Web Server security group.
Explanation:
Correct Answer – B and C
This sort of setup is explained in the AWS documentation.
1) To ensure that secure traffic can flow into your web server from anywhere, you need to allow inbound traffic on port 443 in the web server security group.
2) And then, you need to ensure that traffic can flow from the web server to the database server via the database security group.
The below snapshots from the AWS Documentation show rule tables for security groups related to the same requirements as in the question.
- For more information on this use case scenario, please visit the following URL:
- Options A and D are invalid answers.
- Network ACLs are stateless, so rules must be set for both inbound and outbound traffic on a Network ACL.
- Option E is also invalid because, in order to communicate with the MySQL servers, we need to allow traffic to flow through port 3306.
- Note: The above correct options are the combination of steps required to secure your web and database servers. Besides, the company may implement additional security measures from their end.
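
The reasoning behind options C, D and E can be checked with a small model. This is an added example, not part of the original explanation or AWS code: it is a simplified simulation of stateful security groups and stateless network ACLs, and the names `web-sg`, `other-sg` and the ephemeral reply port 49152 are assumptions chosen for illustration.

```python
# Simplified model (added example): security groups are stateful and
# allow-only; network ACLs are stateless and checked in both directions.
from dataclasses import dataclass

@dataclass(frozen=True)
class SgRule:            # inbound allow rule of a security group
    port: int
    source: str          # "0.0.0.0/0" or the name of another security group

@dataclass(frozen=True)
class NaclRule:          # one NACL entry, evaluated in list order
    direction: str       # "inbound" or "outbound"
    action: str          # "allow" or "deny"
    ports: range

def sg_allows(rules, port, source_sg):
    """Stateful: a matching inbound rule also admits the reply traffic."""
    return any(r.port == port and r.source in (source_sg, "0.0.0.0/0") for r in rules)

def nacl_allows(rules, direction, port):
    """Stateless: first matching entry wins; implicit deny if none matches."""
    for r in rules:
        if r.direction == direction and port in r.ports:
            return r.action == "allow"
    return False

def db_reachable(db_sg, db_nacl, port=3306, client_sg="web-sg", reply_port=49152):
    """Can the client open a MySQL connection and receive the reply?"""
    request_ok = nacl_allows(db_nacl, "inbound", port) and sg_allows(db_sg, port, client_sg)
    # The reply leaves the DB subnet towards the client's ephemeral port.
    reply_ok = nacl_allows(db_nacl, "outbound", reply_port)
    return request_ok and reply_ok

ALL = range(0, 65536)
DEFAULT_NACL = [NaclRule("inbound", "allow", ALL), NaclRule("outbound", "allow", ALL)]
OPTION_D_NACL = [NaclRule("inbound", "allow", range(3306, 3307)),
                 NaclRule("outbound", "deny", ALL)]
OPTION_C_SG = [SgRule(3306, "web-sg")]   # MySQL from the web server group only
OPTION_E_SG = [SgRule(443, "web-sg")]    # wrong port for MySQL

def evaluate():
    return {
        "C": db_reachable(OPTION_C_SG, DEFAULT_NACL),
        # Option C's group is reused here to isolate the effect of the NACL.
        "D": db_reachable(OPTION_C_SG, OPTION_D_NACL),
        "E": db_reachable(OPTION_E_SG, DEFAULT_NACL),
    }

if __name__ == "__main__":
    for option, ok in evaluate().items():
        print(option, "web -> db MySQL connection works:", ok)
```

Only option C yields a working connection: option D drops the reply at the outbound NACL rule, and option E never admits the request on port 3306.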