Answer-first summary for fast verification
Answer: Establish a security group for the public subnet web servers to allow inbound traffic from any IP address on port 443., Set up a security group for the DB instance to allow inbound traffic from the security group associated with the web servers on port 3306.
Option C is correct because it involves creating a security group for the web servers in the public subnet and allowing traffic from any IP address on port 443, which is necessary for web servers to be accessible via the internet. Option D is also correct because it involves creating a security group for the DB instance and adding a rule to allow traffic from the web servers' security group on port 3306, ensuring that the DB instance is only accessible by the web servers. These steps ensure that the architecture is secure and meets the specified requirements.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A solutions architect is tasked with designing a two-tier architecture comprising a public and a database subnet. The requirement is for web servers in the public subnet to be accessible via the internet on port 443, while ensuring that the MySQL DB instance in the database subnet is only accessible to these web servers on port 3306. Identify the necessary steps to achieve this configuration.
A
Implement a network ACL on the public subnet to restrict outbound traffic on port 3306 to all IP addresses.
B
Configure a security group for the DB instance to permit traffic from the public subnet's CIDR block on port 3306.
C
Establish a security group for the public subnet web servers to allow inbound traffic from any IP address on port 443.
D
Set up a security group for the DB instance to allow inbound traffic from the security group associated with the web servers on port 3306.