SAA-C03 · Question #227
SAA-C03 Question #227: Real Exam Question with Answer & Explanation
Sign in or unlock SAA-C03 to reveal the answer and full explanation for question #227. The question stem and answer options stay visible for context.
Question
A company is deploying a new application to a VPC on existing Amazon EC2 instances. The application has a presentation tier that uses an Auto Scaling group of EC2 instances. The application also has a database tier that uses an Amazon RDS Multi-AZ database. The VPC has two public subnets that are split between two Availability Zones. A solutions architect adds one private subnet to each Availability Zone for the RDS database. The solutions architect wants to restrict network access to the RDS database to block access from EC2 instances that do not host the new application. Which solution will meet this requirement?
Options
- AModify the RDS database security group to allow traffic from a CIDR range that includes IP
- BAssociate a new ACL with the private subnets. Deny all incoming traffic from IP addresses that
- CModify the RDS database security group to allow traffic from the security group that is associated
- DAssociate a new ACL with the private subnets. Deny all incoming traffic except for traffic from a
Unlock SAA-C03 to see the answer
You've previewed enough free SAA-C03 questions. Unlock SAA-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.