ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your team is migrating a three-tier application to AWS. Compliance mandates that the application and database tiers run on single-tenant physical servers, and the software vendor requires visibility of CPU socket counts for licensing. The public web tier can stay on shared hardware. In a VPC with separate public and private subnets, which deployment minimizes cost while meeting all requirements?
Set the entire VPC to dedicated tenancy and deploy all three tiers across multiple Availability Zones on dedicated hardware.
Launch the web servers in a public subnet on shared-tenancy EC2 instances, and deploy the application and database instances on EC2 Dedicated Hosts in private subnets within the same VPC.
Create a separate VPC for the back-end tiers, peer it with the web-tier VPC, and run all instances on standard shared-tenancy hosts.
Deploy each tier on separate EC2 bare-metal instance types inside a placement group to ensure physical isolation and license visibility.
Placing only the application and database tiers on EC2 Dedicated Hosts satisfies physical isolation and exposes socket-level details through the describe-hosts API, meeting both compliance and vendor licensing needs. Because the web tier remains on inexpensive shared-tenancy instances, the organization avoids paying dedicated-host rates where they are not required.
Setting the entire VPC to dedicated tenancy forces every instance-including the web tier-to run as Dedicated Instances, which do not expose host-level hardware details and unnecessarily increase cost. Running all tiers on shared-tenancy hardware fails the isolation requirement. Using separate bare-metal instances would provide isolation and socket visibility, but each instance consumes a whole physical server; deploying three separate bare-metal servers for a modest workload is typically more expensive than consolidating multiple smaller instances on a couple of Dedicated Hosts, so it is not the most cost-effective solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is shared tenancy in AWS EC2?
Open an interactive chat with Bash
What is an EC2 Dedicated Host and how does it help with compliance?
Open an interactive chat with Bash
Why is running the web tier on shared tenancy more cost-effective?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .