AWS Certified Solutions Architect – Associate (SAA-C03) — Question 932
A company is designing a web application with an internet-facing Application Load Balancer (ALB).
The company needs the ALB to receive HTTPS web traffic from the public internet. The ALB must send only HTTPS traffic to the web application servers hosted on the Amazon EC2 instances on port 443. The ALB must perform a health check of the web application servers over HTTPS on port 8443.
Which combination of configurations of the security group that is associated with the ALB will meet these requirements? (Choose three.)
Answer options
- A. Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
- B. Allow all outbound traffic to 0.0.0.0/0 for port 443.
- C. Allow HTTPS outbound traffic to the web application instances for port 443.
- D. Allow HTTPS inbound traffic from the web application instances for port 443.
- E. Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
- F. Allow HTTPS inbound traffic from the web application instances for the health check on port 8443.
Correct answer: A, C, E
Explanation
To allow the ALB to accept public internet traffic, an inbound rule permitting HTTPS (port 443) from 0.0.0.0/0 is required. The ALB must also be allowed to route traffic to the backend instances, which requires an outbound rule to the EC2 instances on port 443. Lastly, since the health checks are configured on port 8443, an outbound rule allowing HTTPS traffic to the instances on port 8443 is necessary.
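The three rules from the explanation, checked in code. This is an added example, not part of the original question: it audits a security group description shaped like EC2 `DescribeSecurityGroups` output. The group ID is a constructed placeholder, and it assumes "the web application instances" are referenced by their security group.

```python
WEB_SG = "sg-0web0000000000000"  # constructed placeholder for the instances' group
# Constructed sample: options A, C and E expressed as ALB security group rules.
ALB_SG = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
    ],
}

def _covers(rule, port):
    # "-1" means all protocols and ports; otherwise require TCP and a matching range.
    return rule["IpProtocol"] == "-1" or (
        rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"])

def _allows(rules, port, cidr=None, group=None):
    # True if any rule covering the port names the given CIDR or peer group.
    for r in rules:
        if not _covers(r, port):
            continue
        if cidr and any(x["CidrIp"] == cidr for x in r.get("IpRanges", [])):
            return True
        if group and any(g["GroupId"] == group for g in r.get("UserIdGroupPairs", [])):
            return True
    return False

def audit_alb_sg(sg, web_sg):
    """Return a list of findings; an empty list means the group matches A, C and E."""
    findings = []
    ingress, egress = sg["IpPermissions"], sg["IpPermissionsEgress"]
    if not _allows(ingress, 443, cidr="0.0.0.0/0"):
        findings.append("missing inbound 443 from 0.0.0.0/0 (A)")
    if not _allows(egress, 443, group=web_sg):
        findings.append("missing outbound 443 to web instances (C)")
    if not _allows(egress, 8443, group=web_sg):
        findings.append("missing outbound 8443 to web instances (E)")
    for r in egress:
        if any(x["CidrIp"] == "0.0.0.0/0" for x in r.get("IpRanges", [])):
            findings.append("outbound open to 0.0.0.0/0, broader than required (B)")
    for r in ingress:
        # Security groups are stateful: replies to ALB-initiated connections need no rule.
        if any(g["GroupId"] == web_sg for g in r.get("UserIdGroupPairs", [])):
            findings.append("inbound from web instances is not needed (D/F)")
    return findings
```
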