SCS-C02 · Question #51
SCS-C02 Question #51: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #51. The question stem and answer options stay visible for context.
Question
A security engineer is working with a company to design an ecommerce application. The application will run on Amazon EC2 instances that run in an Auto Scaling group behind an Application Load Balancer (ALB). The application will use an Amazon RDS DB instance for its database. The only required connectivity from the internet is for HTTP and HTTPS traffic to the application. The application must communicate with an external payment provider that allows traffic only from a preconfigured allow list of IP addresses. The company must ensure that communications with the external payment provider are not interrupted as the environment scales. Which combination of actions should the security engineer recommend to meet these requirements? (Choose three.)
Options
- ADeploy a NAT gateway in each private subnet for every Availability Zone that is in use.
- BPlace the DB instance in a public subnet.
- CPlace the DB instance in a private subnet.
- DConfigure the Auto Scaling group to place the EC2 instances in a public subnet.
- EConfigure the Auto Scaling group to place the EC2 instances in a private subnet.
- FDeploy the ALB in a private subnet.
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.