Firewall PBQs: AWS Certified Solutions Architect - Associate (SAA-C03)
Difficulty: easy. Question 1 of 3
You are designing security groups for a three-tier web application. The web tier security group in the public subnet (10.0.1.0/24) currently allows both HTTPS and MySQL traffic from the internet. The web tier should only accept HTTPS from the internet -- it should never be directly accessible on the database port. Add a default deny rule. Fix the security group.
Firewall Rules
| # | Direction | Source | Port | Protocol | Action |
|---|---|---|---|---|---|
| 1 | inbound | any | 443 | tcp | allow |
| 2 | inbound | any | 3306 | tcp | allow |
Rules are evaluated top to bottom.

