Exam AWS-SysOps topic 1 question 629 discussion

By adding the EC2 instances to the ALB target group, you allow the ALB to route traffic to the instances. It is essential to configure the health check settings to ensure that the instances are healthy and capable of serving traffic. The ALB periodically checks the health of the instances based on the configured health check settings and directs traffic only to healthy instances. To improve the security of the application, it is recommended to restrict access to the EC2 instances from only the ALB. This can be achieved by modifying the security group rules for the instances and allowing inbound traffic only from the security group associated with the ALB. This ensures that traffic is allowed only from the ALB and not directly from the public internet. Additionally, removing the public IPs from the instances enhances security by preventing direct access to the instances.

The default answer is correct B and D

Correct Answer: A & D like @XRiddlerX said: "The Security Team deployed the ALB (Application Load Balancer) with no registered targets. When they reconfigured the DNS name to point to the ALB instead of the EC2 instances, a query to the DNS name will fail. First, a sysadmin will need to, A, add the EC2 instances to the ALB target group, configure the health checks, and make sure they are healthy. Second, a sysadmin will need to, D, Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances. With the healthy EC2 instances registered as targets in the ALB, proper security group configured, and the removal of the public IPs you have successfully met their requirements. Review How to create an application load balancer here : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-application-load-balancer.html"

it's A and D.