Q65 — AWS SAA-C03 Ch.4

Question 65 of 105 | ← Chapter 4

Q260. A company runs a web application that is deployed on Amazon EC2 instances in the private subnet of a VPC. An Application Load Balancer (ALB) that extends across the public subnets directs web traffic to the EC2 instances. The company wants to implement new security measures to restrict inbound traffic from the ALB to the EC2 instances while preventing access from any other source inside or outside the private subnet of the EC2 instances.Which solution will meet these requirements?

Correct Answer: B. Configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB

Explanation

configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB. This ensures that only the traffic originating from the ALB is allowed access to the EC2 instances in the private subnet, while denying any other traffic from other sources. The other options do not provide a suitable solution to meet the stated requirements.