AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is deploying a multi-tier web application on AWS. The application consists of front-end web servers and back-end database servers. The web servers must be accessible from the internet, while the database servers must not be accessible from the internet but should communicate with the web servers. Which network segmentation strategy should be used to meet these requirements?
Place both web servers and database servers in a private subnet.
Place both web servers and database servers in a public subnet.
Place the web servers in a public subnet and the database servers in a private subnet.
Place the web servers in a private subnet and the database servers in a public subnet.
Placing the web servers in a public subnet connected to an Internet Gateway (IGW) allows them to receive traffic from the Internet, satisfying the need for external accessibility. Placing the database servers in a private subnet prevents direct Internet access, enhancing security, while still allowing communication with the web servers within the VPC (Virtual Private Cloud). Placing both tiers in a public subnet would expose the database servers to the Internet, which is insecure. Placing both in a private subnet would prevent the web servers from being accessible from the Internet. Placing web servers in a private subnet and database servers in a public subnet reverses the required accessibility, making the database servers exposed to the Internet and web servers inaccessible.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a public subnet and how does it connect to the Internet?
Open an interactive chat with Bash
What is a private subnet and why is it important for database security?
Open an interactive chat with Bash
What is an Internet Gateway (IGW) and what role does it play in AWS networking?