SCS-C02 · Question #388
SCS-C02 Question #388: Real Exam Question with Answer & Explanation
The correct answer is B: Consider moving the database server to a private subnet. The ideal setup is to ensure that the web server is hosted in the public subnet so that it can be accessed by users on the internet. The database server can be hosted in the private subnet. The below diagram from the AWS Documentation shows how this can be setup Option A and C ar
Question
Your current setup in AWS consists of the following architecture. 2 public subnets, one subnet which has the web servers accessed by users across the internet and the other subnet for the database server. Which of the following changes to the architecture would add a better security boundary to the resources hosted in your setup?
Options
- AConsider moving the web server to a private subnet
- BConsider moving the database server to a private subnet
- CConsider moving both the web and database server to a private subnet
- DConsider creating a private subnet and adding a NAT instance to that subnet
Explanation
The ideal setup is to ensure that the web server is hosted in the public subnet so that it can be accessed by users on the internet. The database server can be hosted in the private subnet. The below diagram from the AWS Documentation shows how this can be setup Option A and C are invalid because if you move the web server to a private subnet, then it cannot be accessed by users Option D is invalid because NAT instances should be present in the public subnet
Community Discussion
No community discussion yet for this question.