ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 348 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 348
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company has a reporting application that runs on an Amazon EC2 instance in an isolated developer account on AWS. The application needs to retrieve data during non-peak company hours from an Amazon Aurora PostgreSQL database that runs in the company’s production account. The company's security team requires that access to production resources complies with AWS best security practices.

A database administrator needs to provide the reporting application with access to the production database. The company has already configured VPC peering between the production account and developer account. The company has also updated the route tables in both accounts with the necessary entries to correctly set up VPC peering.

What must the database administrator do to finish providing connectivity to the reporting application?

  • A. Add an inbound security group rule to the database security group that allows access from the developer account VPC CIDR on port 5432. Add an outbound security group rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432.
  • B. Add an outbound security group rule to the database security group that allows access from the developer account VPC CIDR on port 5432. Add an outbound security group rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432.
  • C. Add an inbound security group rule to the database security group that allows access from the developer account VPC CIDR on all TCP ports. Add an inbound security group rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432.
  • D. Add an inbound security group rule to the database security group that allows access from the developer account VPC CIDR on port 5432. Add an outbound security group rule to the EC2 security group that allows access to the production account VPC CIDR on all TCP ports.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Doox at April 8, 2024, 1:06 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tsangckl
1 year, 1 month ago
Selected Answer: A
The database administrator should add an inbound security group rule to the database security group that allows access from the developer account VPC CIDR on port 5432. This port is the default port for PostgreSQL databases. Additionally, the administrator should add an outbound security group rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432. This will allow the reporting application running on the EC2 instance to reach the database in the production account.
upvoted 1 times
...
Doox
1 year, 1 month ago
A. As long as the DB permits traffic in, return traffic is permitted. Security Groups are stateful. Security groups are stateful. For example, if you send a request from an instance, the response traffic for that request is allowed to reach the instance regardless of the inbound security group rules. Responses to allowed inbound traffic are allowed to leave the instance, regardless of the outbound rules. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago