CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company is deploying a web application on AWS and requires that the backend servers hosting the application are not publicly accessible, except via the application's front-end interface. What is the most effective method to prevent direct internet access to these backend servers?

  • Set up the backend servers' security group to allow inbound HTTP and HTTPS traffic exclusively from the security group assigned to the load balancer.

  • Assign Elastic IP addresses to each backend server to restrict internet access.

  • Change the route table to ensure all outbound internet traffic from the backend servers goes through a NAT gateway.

  • Limit the backend servers' security group to permit inbound SSH connections only from trusted IP addresses.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures