SAA-C03 Question #204: Real Exam Question with Answer & Explanation

Question

A company is designing a web application with an internet-facing Application Load Balancer (ALB). The company needs the ALB to receive HTTPS web traffic from the public internet. The ALB must send only HTTPS traffic to the web application servers hosted on the Amazon EC2 instances on port 443. The ALB must perform a health check of the web application servers over HTTPS on port 8443. Which combination of configurations of the security group that is associated with the ALB will meet these requirements? (Select THREE.)

Options

• AAllow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
• BAllow all outbound traffic to 0.0.0.0/0 for port 443.
• CAllow HTTPS outbound traffic to the web application instances for port 443.
• DAllow HTTPS inbound traffic from the web application instances for port 443.
• EAllow HTTPS outbound traffic to the web application instances for the health check on port 8443.
• FAllow HTTPS inbound traffic from the web application instances for the health check on port

Explanation

Option A: The ALB must accept HTTPS traffic from the public internet. Allowing inbound traffic on port 443 from 0.0.0.0/0 enables this functionality. Option C: The ALB must forward HTTPS traffic to the web application servers on port 443. Outbound traffic for port 443 must be allowed for this communication. Option E: The ALB must perform health checks on the web application servers over HTTPS on port 8443. Outbound traffic for port 8443 must be allowed for this purpose. Option B: Allowing all outbound traffic is overly permissive and does not align with the specific Option D and F: Inbound traffic to the ALB from the web application instances is unnecessary because the flow of traffic is from the ALB to the web application instances, not vice versa.

No community discussion yet for this question.