New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAA-C03 Exam - Topic 3 Question 60 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 60
Topic #: 3
[All SAA-C03 Questions]

[Design Secure Architectures]

A company is designing a web application with an internet-facing Application Load Balancer (ALB).

The company needs the ALB to receive HTTPS web traffic from the public internet. The ALB must send only HTTPS traffic to the web application servers hosted on the Amazon EC2 instances on port 443. The ALB must perform a health check of the web application servers over HTTPS on port 8443.

Which combination of configurations of the security group that is associated with the ALB will meet these requirements? (Select THREE.)

Show Suggested Answer Hide Answer
Suggested Answer: A, C, E

Option A:The ALB must accept HTTPS traffic from the public internet. Allowing inbound traffic on port 443 from 0.0.0.0/0 enables this functionality.

Option C:The ALB must forward HTTPS traffic to the web application servers on port 443. Outbound traffic for port 443 must be allowed for this communication.

Option E:The ALB must perform health checks on the web application servers over HTTPS on port 8443. Outbound traffic for port 8443 must be allowed for this purpose.

Option B:Allowing all outbound traffic is overly permissive and does not align with the specific requirements.

Option D and F:Inbound traffic to the ALB from the web application instances is unnecessary because the flow of traffic is from the ALB to the web application instances, not vice versa.

AWS Documentation Reference:

Application Load Balancer Security Groups

Health Checks for ALBs


by Glynda at Jun 14, 2025, 11:50 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maia
2 months ago
Yup, E and C are essential for the health checks!
upvoted 0 times
...
Tommy
3 months ago
I think allowing all outbound traffic on port 443 is overkill.
upvoted 0 times
...
Tony
3 months ago
Definitely need to allow HTTPS inbound traffic on port 443!
upvoted 0 times
...
Ardella
3 months ago
Wait, why are we checking health on port 8443? Seems odd.
upvoted 0 times
...
Minna
3 months ago
Agree, HTTPS outbound to the app instances is a must.
upvoted 0 times
...
Tanesha
3 months ago
I feel like we might need to allow inbound traffic from the web application instances for the health check too, but I can't recall if that's necessary.
upvoted 0 times
...
Dannie
4 months ago
I’m a bit confused about the health check part. Should we allow HTTPS outbound traffic for the health check on port 8443?
upvoted 0 times
...
Nadine
4 months ago
I think we also need to allow HTTPS outbound traffic to the web application instances for port 443, right? That seems important for the communication.
upvoted 0 times
...
Nickolas
4 months ago
I remember we discussed allowing HTTPS inbound traffic from 0.0.0.0/0 for port 443, but I'm not sure if that's the only thing we need.
upvoted 0 times
...
Tina
4 months ago
This is a good test of understanding security group configuration. I'll need to carefully consider each option and make sure the combination meets all the stated requirements.
upvoted 0 times
...
Corazon
4 months ago
I'm not totally sure about the outbound rules. Do we need to allow all outbound traffic, or just the HTTPS traffic to the web app servers?
upvoted 0 times
...
Vallie
5 months ago
Okay, I think I've got this. The key is allowing HTTPS traffic in and out on the right ports for both the public-facing ALB and the internal web app servers.
upvoted 0 times
...
Valda
5 months ago
Hmm, I'm a bit confused by the health check port being different from the application port. I'll need to think through how the security group rules need to handle that.
upvoted 0 times
...
Sabine
5 months ago
This looks like a straightforward security group configuration question. I'll need to carefully read through the requirements and match them to the options provided.
upvoted 0 times
...
Yolande
8 months ago
I think we should also allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
upvoted 0 times
...
Lezlie
9 months ago
Haha, I bet the web dev team is already complaining about the extra security layers. 'But why do we need HTTPS for a health check? Can't we just use HTTP?'
upvoted 0 times
...
Caprice
9 months ago
I agree with Dallas. We also need to allow HTTPS outbound traffic to the web application instances for port 443.
upvoted 0 times
...
Dortha
9 months ago
I agree with Mozelle's analysis. This is a straightforward security group configuration for an ALB with HTTPS requirements.
upvoted 0 times
Trinidad
8 months ago
E) Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
upvoted 0 times
...
Junita
8 months ago
C) Allow HTTPS outbound traffic to the web application instances for port 443.
upvoted 0 times
...
Gary
8 months ago
A) Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
upvoted 0 times
...
...
Dallas
9 months ago
I think we should allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
upvoted 0 times
...
Mozelle
9 months ago
A, C, and E are the correct answers. The ALB needs to allow HTTPS inbound traffic from the public internet on port 443, send HTTPS traffic to the web application servers on port 443, and allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
upvoted 0 times
Aron
8 months ago
E) Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
upvoted 0 times
...
Rodolfo
8 months ago
C) Allow HTTPS outbound traffic to the web application instances for port 443.
upvoted 0 times
...
Gracia
8 months ago
A) Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
upvoted 0 times
...
...

Save Cancel