Big 11.11 Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C02 Discussions
  6. SCS-C02 Exam Topic 13 Question 128 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 128 Topic 13 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 128 Topic 13 Discussion

SCS-C02 Exam Topic 13 Question 128 Discussion:
Question #: 128
Topic #: 13

A company has an external web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB) within a VPC. The web application stores data in an Amazon RDS for MySQL DB instance. The company uses a Linux bastion host to apply schema updates to the database Administrators connect to the bastion host through SSH from their corporate workstations. The following security groups are applied to the infrastructure.

• sgLB associated with the ALB

• sgWeb associated with the EC2 instances

• sgDB associated with the DB instance

• sgBastion associated with the bastion host

Which security group configuration will meet these requirements MOST securely?
A.

• sgLB Allow port 80 traffic and port 443 traffic from 0 0 0 0/0

• sgWeb Allow port 80 traffic and port 443 traffic from sgLB

• sgDB Allow port 3306 traffic from sgWeb and sgBastion

• sgBastion Allow port 22 traffic from the corporate IP address range

B.

• sgLB Allow port 80 traffic and port 443 traffic from 0 0 0 0/0

• sgWeb Allow port 80 traffic and port 443 traffic from sgLB

• sgDB Allow port 3306 traffic from sgWeb and sgLB

• sgBastion Allow port 22 traffic from the VPC IP address range

C.

• sgLB Allow port 80 traffic and port 443 traffic from 0 0 0 0/0

• sgWeb Allow port 80 traffic and port 443 traffic from sgLB

• sgDB Allow port 3306 traffic from sgWeb and sgBastion

• sgBastion Allow port 22 traffic from the VPC IP address range

D.

* sgLB: Allow port 80 traffic and port 443 traffic from 0.0.0.0/0

* sgWeb: Allow port 80 traffic and port 443 traffic from 0.0.0.0/0

* sgDB: Allow port 3306 traffic from sgWeb and sgBastion

* sgBastion: Allow port 22 traffic from the corporate IP address range

Get Premium SCS-C02 Questions
Actual exam question for Amazon Web Services SCS-C02 exam by Kairo6831 at Nov 10, 2025, 2:15:14 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next