312-50V10 · Question #147
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture i
The correct answer is B. A web server facing the Internet, an application server on the internal network, a database server on. Three-tier web application architecture places only the web server in a DMZ exposed to the Internet, keeping application and database servers protected on the internal network to limit attack surface.
Question
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
Options
- AAll three servers need to be placed internally
- BA web server facing the Internet, an application server on the internal network, a database server on
- CA web server and the database server facing the Internet, an application server on the internal network
- DAll three servers need to face the Internet so that they can communicate between themselves
How the community answered
(22 responses)- A5% (1)
- B77% (17)
- C5% (1)
- D14% (3)
Why each option
Three-tier web application architecture places only the web server in a DMZ exposed to the Internet, keeping application and database servers protected on the internal network to limit attack surface.
Placing all three servers internally makes the web server unreachable from the Internet, defeating the purpose of hosting a public-facing application.
This is the standard three-tier DMZ architecture: the web server in the DMZ handles Internet-facing requests, the application server on the internal network processes business logic, and the database server remains fully internal - ensuring that a compromise of the web tier does not grant direct access to sensitive data or application logic.
Exposing the database server directly to the Internet creates a severe security risk, as it contains sensitive data and should never be reachable from untrusted networks.
Inter-tier communication in a three-tier architecture occurs over internal network segments, not the public Internet, so there is no technical requirement for all servers to be Internet-facing.
Concept tested: Three-tier web application DMZ architecture
Source: https://learn.microsoft.com/en-us/azure/architecture/guide/architecture-styles/n-tier
Topics
Community Discussion
No community discussion yet for this question.