ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

You are defining the network topology for a three-tier web application to be deployed in a public cloud VPC. The design must allow users on the Internet to reach the web front-end, restrict access to the application tier, and keep the database tier completely inaccessible from external networks. Which component placement BEST satisfies these security requirements?

  • Place an Internet-facing load balancer in a public (DMZ) subnet; deploy web servers in a private subnet reachable only through the load balancer; put application servers in a second private subnet accessible only from the web tier; and isolate database servers in a third private subnet that accepts traffic solely from the application tier.

  • Host web and application servers together in a public subnet behind security groups, and locate the database in the same subnet secured with TLS.

  • Deploy web servers in a public subnet, with application and database servers in a shared private subnet protected only by host-based firewalls.

  • Put all three tiers in one private subnet and use network ACLs to block direct Internet access to the database.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Architecture and Design