Which security group configuration will allow the application to be secure and functional?

Posted by: Pdfprep Category: SCS-C01

A web application runs in a VPC on EC2 instances behind an ELB Application Load Balancer. The application stores data in an RDS MySQL DB instance. A Linux bastion host is used to apply schema updates to the database – administrators connect to the host via SSH from a corporate workstation.

The following security groups are applied to the infrastructure:

* sgLB – associated with the ELB

* sgWeb – associated with the EC2 instances.

* sgDB – associated with the database

* sgBastion – associated with the bastion host

Which security group configuration will allow the application to be secure and functional?
A. sgLB: allow port 80 and 443 traffic from 0.0.0.0/0
sgWeb: allow port 80 and 443 traffic from 0.0.0.0/0
sgDB: allow port 3306 traffic from sgWeb and sgBastion
sgBastion: allow port 22 traffic from the corporate IP address range
B. sgLB: allow port 80 and 443 traffic from 0.0.0.0/0
sgWeb: allow port 80 and 443 traffic from sgLB
sgDB: allow port 3306 traffic from sgWeb and sgLB
sgBastion: allow port 22 traffic from the VPC IP address range
C. sgLB: allow port 80 and 443 traffic from 0.0.0.0/0
sgWeb: allow port 80 and 443 traffic from sgLB
sgDB: allow port 3306 traffic from sgWeb and sgBastion
sgBastion: allow port 22 traffic from the VPC IP address range
D. sgLB: allow port 80 and 443 traffic from 0.0.0.0/0
sgWeb: allow port 80 and 443 traffic from sgLB
sgDB: allow port 3306 traffic from sgWeb and sgBastion
sgBastion: allow port 22 traffic from the corporate IP address range

Answer: D

Explanation:

The load balancer should accept traffic on ports 80 and 443 from 0.0.0.0/0.

The backend EC2 instances should accept traffic from the load balancer.

The database should allow traffic from the web server.

The bastion host should only allow traffic from a specific corporate IP address range.

Option A is incorrect because the web group should only allow traffic from the load balancer.

For more information on AWS security groups, please refer to the URL below: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

The correct answer is:

sgLB: allow port 80 and 443 traffic from 0.0.0.0/0
sgWeb: allow port 80 and 443 traffic from sgLB
sgDB: allow port 3306 traffic from sgWeb and sgBastion
sgBastion: allow port 22 traffic from the corporate IP address range
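
The comparison of the four options can be checked mechanically. The Python sketch below is an added example, not part of the original question or of any AWS tool: it models each option's ingress sources and reports which required flows are blocked and which unintended ones are admitted. The labels internet, corp and vpc, and the assumption that the corporate workstation sits outside the VPC address range, are constructed for this illustration.

```python
# Added example: audit the four answer options against the scenario's flows.
# Ports are identical in every option (80/443, 3306, 22), so only the
# ingress *sources* of each security group are modelled here.
ACTORS = {"internet", "corp", "sgLB", "sgWeb", "sgDB", "sgBastion"}
IN_VPC = {"sgLB", "sgWeb", "sgDB", "sgBastion"}  # assumption: corp is outside the VPC range

# Intended policy from the scenario: destination group -> actors it must admit.
INTENDED = {
    "sgLB": set(ACTORS),             # public listener on 80/443
    "sgWeb": {"sgLB"},               # only the load balancer reaches the instances
    "sgDB": {"sgWeb", "sgBastion"},  # app queries plus schema updates on 3306
    "sgBastion": {"corp"},           # SSH from the corporate workstation only
}

def expand(source):
    """Resolve a rule source to the set of actors it admits."""
    if source == "0.0.0.0/0":
        return set(ACTORS)
    if source == "vpc":
        return set(IN_VPC)
    return {source}  # "corp" range or a security-group reference

def option(web, db, bastion):
    """Build one answer option; sgLB is 0.0.0.0/0 in all four."""
    return {"sgLB": ["0.0.0.0/0"], "sgWeb": web, "sgDB": db, "sgBastion": bastion}

OPTIONS = {
    "A": option(["0.0.0.0/0"], ["sgWeb", "sgBastion"], ["corp"]),
    "B": option(["sgLB"], ["sgWeb", "sgLB"], ["vpc"]),
    "C": option(["sgLB"], ["sgWeb", "sgBastion"], ["vpc"]),
    "D": option(["sgLB"], ["sgWeb", "sgBastion"], ["corp"]),
}

def audit(rules):
    """Return (missing, excess) flows as sets of (source, destination)."""
    missing, excess = set(), set()
    for dest, wanted in INTENDED.items():
        allowed = set().union(*(expand(s) for s in rules[dest]))
        missing |= {(src, dest) for src in wanted - allowed}
        excess |= {(src, dest) for src in allowed - wanted}
    return missing, excess

def verdict(name):
    """Functional = nothing required is blocked; secure = nothing extra is admitted."""
    missing, excess = audit(OPTIONS[name])
    return {"functional": not missing, "secure": not excess}

if __name__ == "__main__":
    for name in sorted(OPTIONS):
        missing, excess = audit(OPTIONS[name])
        print(name, verdict(name), "missing:", sorted(missing), "excess:", sorted(excess))
```

Under this model only option D is both functional and secure: A exposes the web tier to every source, while B and C block SSH from the corporate range and open the bastion to the whole VPC, and B also cuts the bastion off from the database.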
