AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is deploying a multi-tier web application on AWS. The application consists of front-end web servers and back-end database servers. The web servers must be accessible from the internet, while the database servers must not be accessible from the internet but should communicate with the web servers. Which network segmentation strategy should be used to meet these requirements?
Place the web servers in a public subnet and the database servers in a private subnet.
Place the web servers in a private subnet and the database servers in a public subnet.
Place both web servers and database servers in a private subnet.
Place both web servers and database servers in a public subnet.
Placing the web servers in a public subnet connected to an Internet Gateway (IGW) allows them to receive traffic from the Internet, satisfying the need for external accessibility. Placing the database servers in a private subnet prevents direct Internet access, enhancing security, while still allowing communication with the web servers within the VPC (Virtual Private Cloud). Placing both tiers in a public subnet would expose the database servers to the Internet, which is insecure. Placing both in a private subnet would prevent the web servers from being accessible from the Internet. Placing web servers in a private subnet and database servers in a public subnet reverses the required accessibility, making the database servers exposed to the Internet and web servers inaccessible.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a public and private subnet in AWS?
Open an interactive chat with Bash
How do web servers in a public subnet communicate with database servers in a private subnet?
Open an interactive chat with Bash
Why is it insecure to place both web and database servers in a public subnet?