AWS Certified Solutions Architect – Associate (SAA-C02) — Question 185
A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company.
How should security groups be configured in this situation? (Choose two.)
Answer options
- A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
- B. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
- C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
- D. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
- E. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.
Correct answer: A, C
Explanation
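Option A is correct because it allows inbound HTTPS traffic (port 443) to the public-facing web tier from anywhere on the internet. Option C is correct because it lets the database tier receive traffic on port 1433, the port SQL Server listens on by default, with the web tier's security group as the source rather than an IP range. Options B and D configure outbound rules, which do not control who can reach a tier; security groups are stateful, so responses to allowed inbound requests are permitted without a matching outbound rule. Option E additionally opens port 443 on the database tier, which the database does not need, so it grants more access than the design requires and does not align with the company's security priorities.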