How would you configure security groups for a typical web application with a load balancer, application servers, and a database? Explain the principle of least privilege applied to network security.

Sample answer preview

Configuring security groups following the principle of least privilege means each resource can only receive traffic from the sources it specifically needs, on only the ports it requires. Here is how to apply this to a typical three-tier web application.