A company website contains a web tier and a database tier on AWS. The web tier consists o…

Question

A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones. The database tier runs on an Amazon RDS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web subnets that need access to the database. The web subnets use the default network ACL with the default rules. The company's operations team has added a third subnet to the Auto Scaling group configuration. After an Auto Scaling event occurs, some users report that they intermittently receive an error message. The error message states that the server cannot connect to the database. The operations team has confirmed that the route tables are correct and that the required ports are open on all security groups. Which combination of actions should a SysOps administrator take so that the web servers can communicate with the DB instance? (Choose two.)

Accepted Answer

Correct answer: C, D. C. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet. — D. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet. — The correct actions are to create an inbound Allow rule for MySQL/Aurora (3306) allowing traffic from the third web subnet (C) and to set an outbound Allow rule for TCP with the ephemeral port range directed to the third web subnet (D). The other options focus on either the default ACL, which doesn't apply to the database subnets, or incorrectly configure rules that do not facilitate the necessary communication between the web servers and the database instance.

AWS Certified SysOps Administrator – Associate — Question 197

Answer options

Correct answer: C, D

Explanation