
SAA-C03 Question #380: Real Exam Question with Answer & Explanation

The correct answer is B: Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets.

Submitted by jian89 · Mar 4, 2026 · Design Secure Architectures

Question

A solutions architect is designing the architecture for a two-tier web application. The web application consists of an internet-facing Application Load Balancer (ALB) that forwards traffic to an Auto Scaling group of Amazon EC2 instances. The EC2 instances must be able to access an Amazon RDS database. The company does not want to rely solely on security groups or network ACLs. Only the minimum resources that are necessary should be routable from the internet. Which network design meets these requirements?

Options

  • A. Place the ALB, EC2 instances, and RDS database in private subnets.
  • B. Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets.
  • C. Place the ALB and EC2 instances in public subnets. Place the RDS database in private subnets.
  • D. Place the ALB outside the VPC. Place the EC2 instances and RDS database in private subnets.

Explanation

The ALB must be in a public subnet to receive internet traffic. The EC2 instances and the RDS database should be in private subnets to prevent direct internet access, minimizing the attack surface. This aligns with AWS security best practices for web application architectures.
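The placement rule above can be checked from route tables alone, independent of security groups and network ACLs. The following is an added example, not part of the original question or explanation: it treats a subnet as public when its effective route table has a route through an internet gateway, and reports any tier other than the ALB that sits in such a subnet. All subnet, route table, and gateway IDs are constructed sample values, and the tier names (`alb`, `ec2`, `rds`) are labels chosen for this example.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-app",
     "Associations": [{"Main": False, "SubnetId": "subnet-app-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                # Outbound-only path through a NAT gateway: still a private subnet.
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]

def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(subnet_id, route_tables):
    """Public means the effective route table has a route via an internet gateway."""
    rt = route_table_for(subnet_id, route_tables)
    return rt is not None and any(
        r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def audit(placement, route_tables, allowed_public=("alb",)):
    """Return the tiers that sit in a public subnet but are not allowed to."""
    return sorted({tier for tier, subnets in placement.items()
                   if tier not in allowed_public
                   and any(is_public(s, route_tables) for s in subnets)})

# subnet-db-a has no explicit association, so it falls back to rtb-main.
OPTION_B = {"alb": ["subnet-pub-a"], "ec2": ["subnet-app-a"], "rds": ["subnet-db-a"]}
OPTION_C = {"alb": ["subnet-pub-a"], "ec2": ["subnet-pub-a"], "rds": ["subnet-db-a"]}

if __name__ == "__main__":
    print("Option B violations:", audit(OPTION_B, ROUTE_TABLES))
    print("Option C violations:", audit(OPTION_C, ROUTE_TABLES))
```

The main-route-table fallback matters in practice: adding an internet gateway route to a VPC's main route table turns every subnet without an explicit association into a public subnet.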
