A Solutions Architect is concerned that the current security group rules for a database tier are too permissive and may permit requests that should be restricted.
Below are the current security group permissions for the database tier: Protocol: TCP
Port Range: 1433 (MS SQL)
Source: ALL
Currently, the only identified resource that needs to connect to the databases is the application tier consisting of an Auto Scaling group of EC2 instances.
What changes can be made to this security group that would offer the users LEAST privilege?
A. Change the source to -1 to remove source IP addresses previously unseen.
B. Change the source to the VPC CIDR block.
C. Change the source to the application instances IDs.
D. Change the source to the security group ID attached to the application instances.
It is D